6 matches found
CVE-2024-2016
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-2016
A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-2015
A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-2016
CVE-2024-2016 affects ZhiCms 4.0; the vulnerability is in the index function of app/manage/controller/setcontroller.php where manipulating the sitename argument leads to code injection. It is exploitable remotely, and the exploit has been publicly disclosed (VDB-255270). No official patched versi...
CVE-2024-2015 ZhiCms mcontroller.php getindexdata sql injection
A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-2015
The CVE-2024-2015 entry concerns ZhiCms 4.0. The vulnerability is in the getindexdata function of app/index/controller/mcontroller.php, where manipulation of the key argument enables SQL injection. Exploitation can be performed remotely, and public disclosures exist (VDB-255269). Some connected s...