CVE-2018-13056

Name of the Vulnerable Software and Affected Versions zzcms version 8.3

Description A vulnerability exists at the /user/del.php endpoint, allowing an attacker to delete any file by manipulating the zzcms main table and then making an image add request. This can be exploited to gain database access by deleting the install.lock file.

Recommendations For zzcms version 8.3, as a temporary workaround, consider restricting access to the /user/del.php endpoint until a patch is available. Additionally, restrict modifications to the zzcms main table to prevent unauthorized file deletions.