Unrestricted File Upload Vulnerability in ZZCMS 2023
CVE-2024-10292

9.8CRITICAL

Key Information:

Vendor: Zzcms
Status: Zzcms
Vendor: CVE Published:; 23 October 2024

What is CVE-2024-10292?

A vulnerability exists in ZZCMS 2023 that permits unrestricted file uploads through the manipulation of the 'savefilename' parameter within the ChangeTable.php file. This issue allows attackers to upload malicious files remotely, potentially compromising the server and leading to unauthorized access or further exploits. Due to its public disclosure, it is essential for administrators and users to take immediate action to mitigate the risks associated with this vulnerability.

References

https://vuldb.com/?id.281561

https://vuldb.com/?ctiid.281561

https://vuldb.com/?submit.427136

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 23, 2024

Zzcms

What is CVE-2024-10292?

References

CVSS V3.1

Timeline