ZZCMS 2023 inc.php Bayani fitowa

Wuro vulnerability wey an yi classify sey karshewa an gano shi a cikin ZZCMS 2023. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, 3/qq-connect2.0/API/com/inc.php na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi Bayani fitowa. CWE shidin ka a yi bayani matsala sai ya kai CWE-200. Gaskiya, laifi an fitar da shi 10/23/2024. Advisory ɗin ana rabawa don saukewa a github.com. Wannan rauni ana sayar da shi da suna CVE-2024-10290. Ngam yiɗi ka a tuma ndiyam ka nder waya. Tekinikal bayani ga. Kuma, exploit ɗin yana akwai. Wuro exploit ɗin an bayyana shi ga jama'a kuma za a iya amfani da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro huɗɗi-na-gaskiya. Wona yiwuwa a zazzage exploit a github.com. Kama 0-day, an ndiyam a wuro be $0-$5k. Ana shawar da a yi amfani da katangar wuta mai tsauri. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

2 Goyarwa · 86 Datenpunkte

FurɗeSúgá
10/23/2024 09:57		Gargadi 1/1
10/25/2024 15:02
software_nameZZCMSZZCMS
software_version20232023
software_file3/qq-connect2.0/API/com/inc.php3/qq-connect2.0/API/com/inc.php
vulnerability_cweCWE-200 (Bayani fitowa)CWE-200 (Bayani fitowa)
vulnerability_risk11
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
cvss3_vuldb_ePP
cvss3_vuldb_rlWW
cvss3_vuldb_rcRR
advisory_urlhttps://github.com/LvZCh/zzcms2023/issues/1https://github.com/LvZCh/zzcms2023/issues/1
exploit_availability11
exploit_publicity11
exploit_urlhttps://github.com/LvZCh/zzcms2023/issues/1https://github.com/LvZCh/zzcms2023/issues/1
countermeasure_nameFirewallFirewall
source_cveCVE-2024-10290CVE-2024-10290
cna_responsibleVulDBVulDB
software_typeContent Management SystemContent Management System
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss2_vuldb_ePOCPOC
cvss2_vuldb_rcURUR
cvss2_vuldb_rlWW
cvss4_vuldb_avNN
cvss4_vuldb_acLL
cvss4_vuldb_prNN
cvss4_vuldb_uiNN
cvss4_vuldb_vcLL
cvss4_vuldb_viNN
cvss4_vuldb_vaNN
cvss4_vuldb_ePP
cvss4_vuldb_atNN
cvss4_vuldb_scNN
cvss4_vuldb_siNN
cvss4_vuldb_saNN
cvss2_vuldb_basescore5.05.0
cvss2_vuldb_tempscore4.14.1
cvss3_vuldb_basescore5.35.3
cvss3_vuldb_tempscore4.74.7
cvss3_meta_basescore5.35.3
cvss3_meta_tempscore4.75.0
cvss4_vuldb_bscore6.96.9
cvss4_vuldb_btscore5.55.5
advisory_date1729634400 (10/23/2024)1729634400 (10/23/2024)
price_0day$0-$5k$0-$5k
cve_nvd_summaryA vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-connect2.0/API/com/inc.php. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryesEn ZZCMS 2023 se ha detectado una vulnerabilidad clasificada como problemática que afecta a una parte desconocida del archivo 3/qq-connect2.0/API/com/inc.php. La manipulación da lugar a la divulgación de información. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse.
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prN
cvss4_cna_uiN
cvss4_cna_vcL
cvss4_cna_viN
cvss4_cna_vaN
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore6.9
cvss3_cna_avN
cvss3_cna_acL
cvss3_cna_prN
cvss3_cna_uiN
cvss3_cna_sU
cvss3_cna_cL
cvss3_cna_iN
cvss3_cna_aN
cvss3_cna_basescore5.3
cvss2_cna_avN
cvss2_cna_acL
cvss2_cna_auN
cvss2_cna_ciP
cvss2_cna_iiN
cvss2_cna_aiN
cvss2_cna_basescore5

GurɗoGumtiGada

Do you want to use VulDB in your project?

Use the official API to access entries easily!