PT-2024-31264 · Zzcms · Zzcms
Gkdf1Sh
·
Published
2024-09-04
·
Updated
2024-09-05
·
CVE-2024-44817
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ZZCMS versions 2023 and earlier
Description
The issue allows a remote attacker to obtain sensitive information. This is achieved via the
id parameter in the "adv2.php" component.Recommendations
For ZZCMS versions 2023 and earlier, consider disabling the
id parameter in the "adv2.php" component as a temporary workaround until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zzcms