CVE-2024-7925

A vulnerability was found in ZZCMS 2023. It has been rated as problematic. This issue affects some unknown processing of the file 3/E_bak5.1/upload/eginfo.php. The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*

History

20 Aug 2024, 16:06

Type Values Removed Values Added
First Time Zzcms zzcms
Zzcms
References () https://gitee.com/A0kooo/cve_article/blob/master/zzcms/information_leak/Zenmus%20ekinfo.php%20had%20an%20information%20leak.md - () https://gitee.com/A0kooo/cve_article/blob/master/zzcms/information_leak/Zenmus%20ekinfo.php%20had%20an%20information%20leak.md - Exploit
References () https://vuldb.com/?ctiid.275111 - () https://vuldb.com/?ctiid.275111 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.275111 - () https://vuldb.com/?id.275111 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.392121 - () https://vuldb.com/?submit.392121 - Third Party Advisory, VDB Entry
CVSS v2 : 4.0
v3 : 4.3
v2 : 4.0
v3 : 7.5
Summary
  • (es) Una vulnerabilidad fue encontrada en ZZCMS 2023 y ha sido calificada como problemática. Este problema afecta un procesamiento desconocido del archivo 3/E_bak5.1/upload/eginfo.php. La manipulación del argumento phome con la entrada ShowPHPInfo conduce a la divulgación de información. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*

19 Aug 2024, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-19 18:15

Updated : 2024-08-20 16:06


NVD link : CVE-2024-7925

Mitre link : CVE-2024-7925

CVE.ORG link : CVE-2024-7925


JSON object : View

Products Affected

zzcms

  • zzcms
CWE
NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor