File Upload Vulnerability in ZZCMS 2023 by ZZQ66
CVE-2023-50104

9.8CRITICAL

Key Information:

Vendor: Zzcms
Status: Zzcms
Vendor: CVE Published:; 28 December 2023

What is CVE-2023-50104?

ZZCMS 2023 contains a critical file upload vulnerability located in index.php within the 3/E_bak5.1/upload directory. This security flaw allows attackers to exploit the system, potentially gaining unauthorized server privileges and executing arbitrary code. Proper validation and handling of file uploads are essential to mitigate this risk and protect sensitive server operations.

References

https://github.com/zzq66/cve4

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 28, 2023
Vulnerability Reserved
Dec 4, 2023

Zzcms

What is CVE-2023-50104?

References

CVSS V3.1

Timeline