PT-2019-11483 · Zzcms · Zzcms
Lz1Y · Published 2019-07-23 · Updated 2021-07-21 · CVE-2019-1010152
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
zzcms versions 8.3 and earlier
Description:
The issue affects the user/manage.php component, specifically lines 31-80, and can lead to code execution through file deletion, resulting in a potential getshell impact.
Recommendations:
For zzcms versions 8.3 and earlier, consider restricting access to the user/manage.php file until a patch is available. As a temporary workaround, avoid using the file deletion functionality in the affected component to minimize the risk of exploitation.
Exploit
Fix
Weakness Enumeration:
Missing Authorization
Related Identifiers:
CVE-2019-1010152
Affected Products:
Zzcms