PT-2023-25462 · Zzcms · Zzcms
Published
2023-07-03
·
Updated
2023-08-01
·
CVE-2023-36162
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ZZCMS versions 2023 and earlier
Description
The issue allows a remote attacker to gain privileges via the add function in adminlist.php. This is a Cross Site Request Forgery vulnerability.
Recommendations
For ZZCMS versions 2023 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the
add function in adminlist.php to minimize the risk of exploitation.Exploit
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zzcms