CVE-2024-7924

A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
References
Link Resource
https://gitee.com/A0kooo/cve_article/blob/master/zzcms/zzcms%20list.php%20Directory%20traversal.md Exploit
https://vuldb.com/?ctiid.275110 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.275110 Third Party Advisory VDB Entry
https://vuldb.com/?submit.391876 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*

History

20 Aug 2024, 16:07

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad fue encontrada en ZZCMS 2023 y fue declarada crítica. Esta vulnerabilidad afecta a un código desconocido del archivo /I/list.php. La manipulación del aspecto del argumento conduce al path traversal. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
First Time Zzcms zzcms
Zzcms
CVSS v2 : 5.0
v3 : 5.3
v2 : 5.0
v3 : 7.5
CPE cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*
References () https://gitee.com/A0kooo/cve_article/blob/master/zzcms/zzcms%20list.php%20Directory%20traversal.md - () https://gitee.com/A0kooo/cve_article/blob/master/zzcms/zzcms%20list.php%20Directory%20traversal.md - Exploit
References () https://vuldb.com/?ctiid.275110 - () https://vuldb.com/?ctiid.275110 - Permissions Required, Third Party Advisory, VDB Entry
References () https://vuldb.com/?id.275110 - () https://vuldb.com/?id.275110 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.391876 - () https://vuldb.com/?submit.391876 - Third Party Advisory, VDB Entry

19 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-19 18:15

Updated : 2024-08-20 16:07


NVD link : CVE-2024-7924

Mitre link : CVE-2024-7924

CVE.ORG link : CVE-2024-7924


JSON object : View

Products Affected

zzcms

  • zzcms
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')