CVE-2018-17798

2018-09-30T20:29:00
ID CVE-2018-17798
Type cve
Reporter cve@mitre.org
Modified 2019-10-03T00:03:00

Description

An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
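
The bug class described above next to a confined delete, as an added example that is not zzcms source code: the request-supplied oldimg value is accepted only as a name under an upload root, and the file is removed only after the resolved path is confirmed to stay inside that root. The function names, the uploads root and the demo directory layout are assumptions.

```php
<?php
// Added illustration, not zzcms code. Names and directory layout are assumed.

// Constructed sketch of the bug class: a request-supplied path reaches
// unlink() unchecked, so an absolute pathname removes any file the PHP
// process can write, including an installer lock file.
function delete_old_image_unsafe(string $oldimg): bool
{
    return is_file($oldimg) && unlink($oldimg);
}

// Hardened form: $oldimg is only ever a name relative to $uploadRoot, and the
// resolved target must still live inside that root.
function delete_old_image_confined(string $uploadRoot, string $oldimg): bool
{
    $root = realpath($uploadRoot);
    if ($root === false || $oldimg === '' || strpos($oldimg, "\0") !== false) {
        return false;
    }
    // Reject absolute pathnames outright (POSIX, UNC, Windows drive letter).
    if (preg_match('#^(?:[/\\\\]|[A-Za-z]:)#', $oldimg) === 1) {
        return false;
    }
    // realpath() collapses ../ and follows symlinks; false if the file is missing.
    $target = realpath($root . DIRECTORY_SEPARATOR . $oldimg);
    if ($target === false || !is_file($target)) {
        return false;
    }
    // Compare with a trailing separator so "uploads-old" cannot pass as "uploads".
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($target);
}

// Constructed demo tree in a temp directory (paths are illustrative only).
$site = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir($site . '/uploads', 0700, true);
mkdir($site . '/install', 0700, true);
file_put_contents($site . '/uploads/logo.png', 'x');
file_put_contents($site . '/install/install.lock', 'x');

// Inputs tried in order: absolute pathname, ../ traversal, legitimate upload name.
foreach ([$site . '/install/install.lock', '../install/install.lock', 'logo.png'] as $in) {
    var_dump(delete_old_image_confined($site . '/uploads', $in));
}
// The lock file must survive all three calls.
var_dump(file_exists($site . '/install/install.lock'));
```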