ZZCMS list.php path traversal
CVE-2024-7924

7.5HIGH

Key Information:

Vendor: Zzcms
Status: Zzcms
Vendor: CVE Published:; 19 August 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-7924?

ZZCMS 2023 has a vulnerability that affects the processing of input in the /I/list.php file, specifically allowing path traversal. This weakness stems from improper validation of the 'skin' argument, potentially enabling remote attackers to access sensitive files on the server. The vulnerability has been publicly disclosed, which raises concerns over its exploitation by malicious actors who may perform unauthorized read operations on the filesystem. Organizations using the affected version of ZZCMS should consider immediate remediation steps to secure their databases and sensitive information against potential exploitation.

Affected Version(s)

ZZCMS 2023

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7924 - Proof of Concept

References

https://vuldb.com/?id.275110

vdb-entrytechnical-description

https://vuldb.com/?ctiid.275110

signaturepermissions-required

https://vuldb.com/?submit.391876

third-party-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Aug 19, 2024
👾
Exploit known to exist
Aug 19, 2024
Vulnerability published
Aug 19, 2024

Credit

0kooo (VulDB User)

Zzcms

Badges

What is CVE-2024-7924?

Affected Version(s)

Exploit Proof of Concept (PoC)

References

CVSS V3.1

Timeline

Credit