CVE-2024-43011

MEDIUM

zzcms < 2023 - Arbitrary File Deletion via admin/del.php Path Traversal

Title source: llm

Description

An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary files on the server. This can lead to the deletion of critical files, potentially disrupting the normal operation of the system.

References (2)

Core 2

Core References

Broken Link

http://www.zzcms.net/about/download.html

Broken Link

https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43011%20ZZCMS2023%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4%E6%BC%8F%E6%B4%9E.md

Scores

CVSS v3 4.9

EPSS 0.0067

EPSS Percentile 47.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

zzcms/zzcms < 2023

Published Aug 16, 2024

Tracked Since Feb 18, 2026