An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.
References
Link | Resource |
---|---|
https://github.com/cumtxujiabin/CmsPoc/blob/master/zzcms_8.3_file_del.md | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2018-09-02 18:29
Updated : 2024-02-28 16:48
NVD link : CVE-2018-16344
Mitre link : CVE-2018-16344
CVE.ORG link : CVE-2018-16344
JSON object : View
Products Affected
zzcms
- zzcms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')