A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file 3/Ebbak5.1/upload/class/functions.php. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/LvZCh/zzcms2023/issues/6 | Broken Link |
https://vuldb.com/?ctiid.281562 | Permissions Required |
https://vuldb.com/?id.281562 | Third Party Advisory |
https://vuldb.com/?submit.427146 | Third Party Advisory |
Configurations
History
30 Oct 2024, 13:37
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:* | |
References | () https://github.com/LvZCh/zzcms2023/issues/6 - Broken Link | |
References | () https://vuldb.com/?ctiid.281562 - Permissions Required | |
References | () https://vuldb.com/?id.281562 - Third Party Advisory | |
References | () https://vuldb.com/?submit.427146 - Third Party Advisory | |
First Time |
Zzcms
Zzcms zzcms |
|
CVSS |
v2 : v3 : |
v2 : 6.5
v3 : 9.8 |
25 Oct 2024, 12:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-23 16:15
Updated : 2024-10-30 13:37
NVD link : CVE-2024-10293
Mitre link : CVE-2024-10293
CVE.ORG link : CVE-2024-10293
JSON object : View
Products Affected
zzcms
- zzcms
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type