CVE-2023-36162

Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*

History

01 Aug 2023, 18:15

Type Values Removed Values Added
References
  • (MISC) https://github.com/779789571/zzcms/blob/main/README.md -
Summary Cross Site Request Forgery vulnerability in ZZCMS v.2023 alows a remote attacker to gain privileges via the add function in adminlist.php. Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php.

10 Jul 2023, 16:57

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8
CPE cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*
CWE CWE-352
References (MISC) http://www.zzcms.net/about/download.html - (MISC) http://www.zzcms.net/about/download.html - Product
References (MISC) https://github.com/forget-code/zzcms/issues/6 - (MISC) https://github.com/forget-code/zzcms/issues/6 - Exploit, Issue Tracking
First Time Zzcms zzcms
Zzcms

03 Jul 2023, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-07-03 21:15

Updated : 2024-02-28 20:13


NVD link : CVE-2023-36162

Mitre link : CVE-2023-36162

CVE.ORG link : CVE-2023-36162


JSON object : View

Products Affected

zzcms

  • zzcms
CWE
CWE-352

Cross-Site Request Forgery (CSRF)