CVE-2022-40443
Discoverer: Yuan Lirong
Attack vector(s):
zzcms is a content management system (CMS) from China's zzcms team.
An absolute path information disclosure vulnerability exists in zzcms 2022. An unauthenticated attacker can take advantage of this vulnerability by sending a GET request to "/one/siteinfo.php" (with the request path changed to "//one/siteinfo.php") to obtain the error information returned by the server, which shows the location (absolute path) of the application.
Product:
ZZCMS
Version:
ZZCMS 2022
Vendor Homepage:
http://www.zzcms.net/
Software Link:
http://www.zzcms.net/download/zzcms2022.zip
or
https://github.com/liong007/ZZCMS/releases/download/ZZCMS2022/zzcms2022.zip
POC:
Change the GET request to "/one/siteinfo.php" into "//one/siteinfo.php" to obtain the error information returned by the server, which shows the location (absolute path) of the application.
Affected pages:
All pages that contain the page /one/siteinfo.php
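For defenders reviewing web server logs for this issue, the following added example (not part of the original report or of zzcms) flags access-log entries that request /one/siteinfo.php through a path containing repeated slashes. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed input: Apache/nginx "combined" access-log lines.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)
WATCHED = "/one/siteinfo.php"  # path named in the advisory


def flag_line(line):
    """Return a finding if the line requests WATCHED via a path with repeated slashes."""
    m = REQUEST_RE.match(line)
    if not m:
        return None  # not a parseable request line
    # Split off the query string by hand: urllib's urlsplit() would read the
    # leading "//one" as a network location and silently drop it from the path.
    raw_path = m["target"].split("?", 1)[0]
    collapsed = re.sub(r"/{2,}", "/", raw_path)
    if collapsed == WATCHED and raw_path != collapsed:
        return {
            "ip": m["ip"],
            "method": m["method"],
            "target": m["target"],
            "status": int(m["status"]),
        }
    return None


def scan(lines):
    """Return findings for every flagged line, in input order."""
    return [f for f in map(flag_line, lines) if f is not None]


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Sep/2022:10:01:02 +0000] "GET /one/siteinfo.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Sep/2022:10:01:05 +0000] "GET //one/siteinfo.php HTTP/1.1" 200 412 "-" "curl/7.81.0"',
    '198.51.100.20 - - [12/Sep/2022:10:02:11 +0000] "GET //one/siteinfo.php?id=1 HTTP/1.1" 500 398 "-" "-"',
    '198.51.100.9 - - [12/Sep/2022:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A flagged request only shows that the path variant was requested; whether the response exposed a filesystem path has to be confirmed from the response body or the server's error log.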