CVE-2024-44820

Name of the Vulnerable Software and Affected Versions ZZCMS versions 2023 and earlier

Description A sensitive information disclosure issue exists in the eginfo.php file, located at /3/E bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo() function, exposing detailed information about the PHP environment, including server configuration, loaded modules, and environment variables.

Recommendations For ZZCMS versions 2023 and earlier, as a temporary workaround, consider restricting access to the eginfo.php file and the phome=ShowPHPInfo query parameter until a patch is available. Avoid using the phome parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.