A vulnerability classified as critical has been found in zzcms 2018 (Content Management System). Affected is an unknown functionality of the file admin/dl_data.php. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.
| Field | 02/18/2019 09:37 AM | 05/11/2020 06:31 AM |
|---|---|---|
| type | Content Management System | Content Management System |
| name | zzcms | zzcms |
| version | 2018 | 2018 |
| file | admin/dl_data.php | admin/dl_data.php |
| argument | filename | filename |
| cwe | 22 (directory traversal) | 22 (directory traversal) |
| risk | 1 | 1 |
| historic | 0 | 0 |
| cvss2 | 6.4 | 6.4 |
| cvss2 | 6.4 | 6.4 |
| cvss2 | N | N |
| cvss2 | L | L |
| cvss2 | N | N |
| cvss2 | N | N |
| cvss2 | P | P |
| cvss2 | P | P |
| cvss2 | N | N |
| cvss2 | L | L |
| cvss2 | N | N |
| cvss2 | N | N |
| cvss2 | P | P |
| cvss2 | P | P |
| cvss3 | 7.0 | 7.0 |
| cvss3 | 7.0 | 7.0 |
| cvss3 | 6.5 | 6.5 |
| cvss3 | 6.5 | 6.5 |
| cvss3 | N | N |
| cvss3 | L | L |
| cvss3 | N | N |
| cvss3 | N | N |
| cvss3 | U | U |
| cvss3 | N | N |
| cvss3 | L | L |
| cvss3 | L | L |
| cvss3 | N | N |
| cvss3 | L | L |
| cvss3 | N | N |
| cvss3 | N | N |
| cvss3 | U | U |
| cvss3 | N | N |
| cvss3 | H | H |
| cvss3 | N | N |
| date | 1550361600 (02/17/2019) | 1550361600 (02/17/2019) |
| price | $0-$5k | $0-$5k |
| cve | CVE-2019-8411 | CVE-2019-8411 |
| cve | 1550361600 | 1550361600 |
| cve | admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. | admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. |
| cvss2 | ND | ND |
| cvss2 | ND | ND |
| cvss2 | ND | ND |
| cvss3 | X | X |
| cvss3 | X | X |
| cvss3 | X | X |
| 0day | 404 | 404 |
| cvss3 | 7.5 | 7.5 |
| discoverydate | 1515456000 |
Are you interested in using VulDB?
Download the whitepaper to learn more about our service!