CVE-2024-10290

A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://github.com/LvZCh/zzcms2023/issues/1 Broken Link
https://vuldb.com/?ctiid.281559 Permissions Required
https://vuldb.com/?id.281559 Third Party Advisory
https://vuldb.com/?submit.427069 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*

History

30 Oct 2024, 15:06

Type Values Removed Values Added
CPE cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*
CVSS v2 : 5.0
v3 : 5.3
v2 : 5.0
v3 : 7.5
First Time Zzcms
Zzcms zzcms
CWE NVD-CWE-noinfo
References () https://github.com/LvZCh/zzcms2023/issues/1 - () https://github.com/LvZCh/zzcms2023/issues/1 - Broken Link
References () https://vuldb.com/?ctiid.281559 - () https://vuldb.com/?ctiid.281559 - Permissions Required
References () https://vuldb.com/?id.281559 - () https://vuldb.com/?id.281559 - Third Party Advisory
References () https://vuldb.com/?submit.427069 - () https://vuldb.com/?submit.427069 - Third Party Advisory

25 Oct 2024, 12:56

Type Values Removed Values Added
Summary
  • (es) En ZZCMS 2023 se ha detectado una vulnerabilidad clasificada como problemática que afecta a una parte desconocida del archivo 3/qq-connect2.0/API/com/inc.php. La manipulación da lugar a la divulgación de información. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse.

23 Oct 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-23 15:15

Updated : 2024-10-30 15:06


NVD link : CVE-2024-10290

Mitre link : CVE-2024-10290

CVE.ORG link : CVE-2024-10290


JSON object : View

Products Affected

zzcms

  • zzcms
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor