An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.
References
Link | Resource |
---|---|
https://github.com/cumtxujiabin/CmsPoc/blob/master/zzcms_8.3_file_del.md | Exploit Third Party Advisory |
https://github.com/cumtxujiabin/CmsPoc/blob/master/zzcms_8.3_file_del.md | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 03:52
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/cumtxujiabin/CmsPoc/blob/master/zzcms_8.3_file_del.md - Exploit, Third Party Advisory |
Information
Published : 2018-09-02 18:29
Updated : 2024-11-21 03:52
NVD link : CVE-2018-16344
Mitre link : CVE-2018-16344
CVE.ORG link : CVE-2018-16344
JSON object : View
Products Affected
zzcms
- zzcms
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')