CVE-2024-7926

A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*

History

04 Sep 2024, 18:42

Type Values Removed Values Added
CPE cpe:2.3:a:zzcms:zzcms:2023:*:*:*:*:*:*:*
First Time Zzcms zzcms
Zzcms
CVSS v2 : 7.5
v3 : 7.3
v2 : 7.5
v3 : 7.5
References () https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal2/zzcms%20siteinfo.php%20Directory%20traversal.md - () https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal2/zzcms%20siteinfo.php%20Directory%20traversal.md - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.275112 - () https://vuldb.com/?ctiid.275112 - Permissions Required
References () https://vuldb.com/?id.275112 - () https://vuldb.com/?id.275112 - Third Party Advisory
References () https://vuldb.com/?submit.392181 - () https://vuldb.com/?submit.392181 - Third Party Advisory

20 Aug 2024, 15:44

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad ha sido encontrada en ZZCMS 2023 y clasificada como crítica. Una función desconocida del archivo /admin/about_edit.php?action=modify es afectada por esta vulnerabilidad. La manipulación del aspecto del argumento conduce al path traversal. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse.

19 Aug 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-19 20:15

Updated : 2024-09-04 18:42


NVD link : CVE-2024-7926

Mitre link : CVE-2024-7926

CVE.ORG link : CVE-2024-7926


JSON object : View

Products Affected

zzcms

  • zzcms
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')