CVE-2018-16344

Name of the Vulnerable Software and Affected Versions zzcms version 8.3

Description An issue in zzcms allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter, potentially leading to database access by deleting install.lock.

Recommendations For zzcms version 8.3, consider restricting access to the flv parameter to prevent directory traversal attacks until a patch is available. As a temporary workaround, monitor install.lock and other critical files for unauthorized deletion. At the moment, there is no information about a newer version that contains a fix for this vulnerability.