zzcms 2018 admin/dl_data.php filename path traversal

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as critical has been found in zzcms 2018 (Content Management System). Affected is an unknown functionality of the file admin/dl_data.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field02/18/2019 09:37 AM05/11/2020 06:31 AM
typeContent Management SystemContent Management System
namezzcmszzcms
version20182018
fileadmin/dl_data.phpadmin/dl_data.php
argumentfilenamefilename
cwe22 (directory traversal)22 (directory traversal)
risk11
historic00
cvss2_vuldb_basescore6.46.4
cvss2_vuldb_tempscore6.46.4
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciNN
cvss2_vuldb_iiPP
cvss2_vuldb_aiPP
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auNN
cvss2_nvd_ciNN
cvss2_nvd_iiPP
cvss2_nvd_aiPP
cvss3_meta_basescore7.07.0
cvss3_meta_tempscore7.07.0
cvss3_vuldb_basescore6.56.5
cvss3_vuldb_tempscore6.56.5
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iLL
cvss3_vuldb_aLL
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prNN
cvss3_nvd_uiNN
cvss3_nvd_sUU
cvss3_nvd_cNN
cvss3_nvd_iHH
cvss3_nvd_aNN
date1550361600 (02/17/2019)1550361600 (02/17/2019)
price_0day$0-$5k$0-$5k
cveCVE-2019-8411CVE-2019-8411
cve_assigned15503616001550361600
cve_nvd_summaryadmin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
0day_days404404
cvss3_nvd_basescore7.57.5
discoverydate1515456000

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!