CVE-2024-0603
HIGHZhiCms <4.0 - Deserialization
Title source: llmDescription
A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250839.
Scores
CVSS v3
7.3
EPSS
0.0021
EPSS Percentile
42.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Classification
CWE
CWE-502
Status
published
Affected Products (1)
zhicms/zhicms
< 4.0
Timeline
Published
Jan 16, 2024
Tracked Since
Feb 18, 2026