PT-2024-38692 · Zzcms · Zzcms

0Kooo · Published 2024-08-19 · Updated 2024-09-04 · CVE-2024-7926

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023

Description: A critical vulnerability has been found in ZZCMS. The issue affects an unknown function of the file /admin/about edit.php?action=modify. Manipulation of the skin argument leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations: For ZZCMS version 2023, as a temporary workaround, consider restricting access to the /admin/about edit.php?action=modify endpoint until a patch is available. Additionally, avoid using the skin argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2024-7926

Affected Products: Zzcms