VDB-275112 · CVE-2024-7926 · GCVE-100-275112

ZZCMS 2023 about_edit.php?action=modify skin ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ

Dogoggorri kan akka ଜଟିଳ jedhamuun ramadame ZZCMS 2023 keessatti argameera. Kan miidhamte is hojii hin beekamne faayilii /admin/about_edit.php?action=modify keessa. Hojii jijjiirraa irratti gaggeeffame skin gara ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ geessa. CWE fayyadamuun rakkoo ibsuun gara CWE-22 geessa. Dadhabbii kana yeroo 08/19/2024 maxxanfameera. Odeeffannoon kun buufachuuf gitee.com irratti qoodameera. Dogoggorri kun akka CVE-2024-7926tti beekama. Yaaliin weeraraa fageenya irraa jalqabamuu ni danda'a. Faayidaaleen teeknikaa ni jiru. Waliigalatti, meeshaa balaa kana fayyadamuuf jiru. Qorannoo miidhaa (exploit) uummataaf ifoomameera fi fayyadamamuu danda'a. Amma, gatii ammee exploit might be approx. USD $0-$5k ta'uu danda'a. Akka ପ୍ରୁଫ୍-ଅଫ୍-କନ୍ସେପ୍ଟ jedhamee ibsameera. Carraa exploit kana gitee.com irraa buufachuun ni danda'ama. Akka 0-daytti, gatii daldalaa dhoksaa tilmaamame $0-$5k ta'ee ture. VulDB is the best source for vulnerability data and more expert information about this specific topic.

3 ଆଡାପ୍ଟେସନ୍ · 85 ପଏଣ୍ଟ

ଫିଲ୍ଡ	ସୃଷ୍ଟି ହୋଇଛି 08/19/2024 03:49 PM	ଅଦ୍ୟତନ 1/2 08/21/2024 04:47 AM	ଅଦ୍ୟତନ 2/2 09/05/2024 02:08 AM
software_name	ZZCMS	ZZCMS	ZZCMS
software_version	2023	2023	2023
software_file	/admin/about_edit.php?action=modify	/admin/about_edit.php?action=modify	/admin/about_edit.php?action=modify
software_argument	skin	skin	skin
vulnerability_cwe	CWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)	CWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)	CWE-22 (ଡିରେକ୍ଟୋରୀ ଟ୍ରାଭର୍ସାଲ)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal2/zzcms%20siteinfo.php%20Directory%20traversal.md	https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal2/zzcms%20siteinfo.php%20Directory%20traversal.md	https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal2/zzcms%20siteinfo.php%20Directory%20traversal.md
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal2/zzcms%20siteinfo.php%20Directory%20traversal.md	https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal2/zzcms%20siteinfo.php%20Directory%20traversal.md	https://gitee.com/A0kooo/cve_article/blob/master/zzcms/Directory_traversal2/zzcms%20siteinfo.php%20Directory%20traversal.md
source_cve	CVE-2024-7926	CVE-2024-7926	CVE-2024-7926
cna_responsible	VulDB	VulDB	VulDB
software_type	Content Management System	Content Management System	Content Management System
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	7.4
cvss3_meta_tempscore	6.6	6.9	7.1
cvss4_vuldb_bscore	6.9	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5	5.5
advisory_date	1724018400 (08/19/2024)	1724018400 (08/19/2024)	1724018400 (08/19/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
cve_nvd_summaryes		Una vulnerabilidad ha sido encontrada en ZZCMS 2023 y clasificada como crítica. Una función desconocida del archivo /admin/about_edit.php?action=modify es afectada por esta vulnerabilidad. La manipulación del aspecto del argumento conduce al path traversal. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse.	Una vulnerabilidad ha sido encontrada en ZZCMS 2023 y clasificada como crítica. Una función desconocida del archivo /admin/about_edit.php?action=modify es afectada por esta vulnerabilidad. La manipulación del aspecto del argumento conduce al path traversal. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse.
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		7.3	7.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		7.5	7.5
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			N
cvss3_nvd_s			U
cvss3_nvd_c			H
cvss3_nvd_i			N
cvss3_nvd_a			N
cvss3_nvd_basescore			7.5

◂ ପଛକୁ ସମୀକ୍ଷା ଆହୁରି ଦୂରରେ ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!