ZZCMS user/manage.php file arbitrary file deletion vulnerability

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in the user/manage.php file in ZZCMS version 8.2. The vulnerability can be exploited by a remote attacker to delete arbitrary files with the 'oldimg' or 'oldflv' parameter in an...

CVE-2018-8968

An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

CVE-2018-8968

An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

PT-2018-18747 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue was discovered that allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an "action=modify" request to the "user/manage.php" endpoint...