Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/01/07 9:14 a.m.10 views

CVE-2024-2016

A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been...

8.8CVSS9AI score0.01024EPSS
Exploits1References1
OSV
OSV
added 2024/03/21 2:52 a.m.4 views

CVE-2024-2016

A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been...

8.8CVSS5.6AI score0.01024EPSS
Exploits1References3
NVD
NVD
added 2024/03/21 2:52 a.m.12 views

CVE-2024-2015

A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been...

8.8CVSS6.8AI score0.00807EPSS
Exploits1References3
CVE
CVE
added 2024/02/29 9:31 p.m.33 views

CVE-2024-2016

CVE-2024-2016 affects ZhiCms 4.0; the vulnerability is in the index function of app/manage/controller/setcontroller.php where manipulating the sitename argument leads to code injection. It is exploitable remotely, and the exploit has been publicly disclosed (VDB-255270). No official patched versi...

8.8CVSS6.9AI score0.01024EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/29 9:0 p.m.8 views

CVE-2024-2015 ZhiCms mcontroller.php getindexdata sql injection

A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been...

6.5CVSS7.6AI score0.00807EPSS
Exploits1References3
CVE
CVE
added 2024/02/29 9:0 p.m.31 views

CVE-2024-2015

The CVE-2024-2015 entry concerns ZhiCms 4.0. The vulnerability is in the getindexdata function of app/index/controller/mcontroller.php, where manipulation of the key argument enables SQL injection. Exploitation can be performed remotely, and public disclosures exist (VDB-255269). Some connected s...

8.8CVSS6.8AI score0.00807EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder