Path Traversal Vulnerability in ZZCMS Web Content Management System
CVE-2024-7927

7.5HIGH

Key Information:

Vendor

ZZCMS

Status
Zzcms
Vendor
CVE Published:
19 August 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-7927?

A serious vulnerability has been identified in ZZCMS 2023, specifically within the file handling process at /admin/class.php?dowhat=modifyclass. This weakness arises from improper validation of user input within the argument skin[], which could lead to an exploitation method known as path traversal. This kind of exploit allows attackers to access unauthorized files and directories on the server, potentially disclosing sensitive information. The vulnerability can be triggered remotely, making it imperative for users and administrators of the affected ZZCMS product to implement immediate security measures. It is advisable to review system configurations and update to patched versions to mitigate potential risks.

Affected Version(s)

ZZCMS 2023

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-7927 - Proof of Concept

References

https://vuldb.com/?id.275113
vdb-entrytechnical-description
https://vuldb.com/?ctiid.275113
signaturepermissions-required
https://vuldb.com/?submit.392186
third-party-advisory

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

Credit

0kooo (VulDB User)
.
CVE-2024-7927 : Path Traversal Vulnerability in ZZCMS Web Content Management System