CVE-2024-7927

A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin[] leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*

History

04 Sep 2024, 18:44

Type Values Removed Values Added
CPE cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 7.5
First Time Zzcms
Zzcms zzcms
References () https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal3/zzcms%20class.php%20Directory%20traversal.md - () https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal3/zzcms%20class.php%20Directory%20traversal.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.275113 - () https://vuldb.com/?ctiid.275113 - Permissions Required
References () https://vuldb.com/?id.275113 - () https://vuldb.com/?id.275113 - Third Party Advisory
References () https://vuldb.com/?submit.392186 - () https://vuldb.com/?submit.392186 - Third Party Advisory

20 Aug 2024, 15:44

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad ha sido encontrada en ZZCMS 2023 y clasificada como crítica. Una función desconocida del archivo /admin/class.php?dowhat=modifyclass es afectada por esta vulnerabilidad. La manipulación del argumento skin[] conduce a un path traversal. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al público y puede utilizarse.

19 Aug 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-19 20:15

Updated : 2024-09-04 18:44


NVD link : CVE-2024-7927

Mitre link : CVE-2024-7927

CVE.ORG link : CVE-2024-7927


JSON object : View

Products Affected

zzcms

  • zzcms
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')