CVE-2024-43011

Name of the Vulnerable Software and Affected Versions ZZCMS versions 2023 and earlier

Description An arbitrary file deletion issue exists due to insufficient validation and sanitization of user input for file paths in the admin/del.php file at line 62. This allows an attacker to use directory traversal techniques to delete arbitrary files on the server, potentially disrupting system operation.

Recommendations For ZZCMS versions 2023 and earlier, as a temporary workaround, consider restricting access to the admin/del.php file until a patch is available. Additionally, ensure proper validation and sanitization of user input for file paths to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.