CVE-2024-43011

An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary files on the server. This can lead to the deletion of critical files, potentially disrupting the normal operation of the system.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
http://www.zzcms.net/about/download.html	Broken Link
https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43011%20ZZCMS2023%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4%E6%BC%8F%E6%B4%9E.md	Broken Link

Configurations

Configuration 1 (hide)

cpe:2.3:a:zzcms:zzcms:*:*:*:*:*:*:*:*

History

21 Apr 2025, 14:57

Type	Values Removed	Values Added
First Time		Zzcms zzcms Zzcms
References	~~() http://www.zzcms.net/about/download.html -~~	() http://www.zzcms.net/about/download.html - Broken Link
References	~~() https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43011%20ZZCMS2023%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4%E6%BC%8F%E6%B4%9E.md -~~	() https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43011%20ZZCMS2023%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4%E6%BC%8F%E6%B4%9E.md - Broken Link
CPE		cpe:2.3:a:zzcms:zzcms::::::::

Information

Published : 2024-08-16 20:15

Updated : 2025-04-21 14:57

NVD link : CVE-2024-43011

Mitre link : CVE-2024-43011

CVE.ORG link : CVE-2024-43011

JSON object : View

Products Affected

zzcms

zzcms

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2024-43011", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2024-08-16T20:15:13.497", "references": [{"url": "http://www.zzcms.net/about/download.html", "tags": ["Broken Link"], "source": "cve@mitre.org"}, {"url": "https://github.com/gkdgkd123/codeAudit/blob/main/CVE-2024-43011%20ZZCMS2023%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4%E6%BC%8F%E6%B4%9E.md", "tags": ["Broken Link"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary files on the server. This can lead to the deletion of critical files, potentially disrupting the normal operation of the system."}, {"lang": "es", "value": "Existe una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos en el archivo admin/del.php en la l\u00ednea 62 en ZZCMS 2023 y versiones anteriores. Debido a una validaci\u00f3n y desinfecci\u00f3n insuficientes de la entrada del usuario para las rutas de los archivos, un atacante puede aprovechar esta vulnerabilidad utilizando t\u00e9cnicas de recorrido de directorio para eliminar archivos arbitrarios en el servidor. Esto puede provocar la eliminaci\u00f3n de archivos cr\u00edticos, lo que podr\u00eda alterar el funcionamiento normal del sistema."}], "lastModified": "2025-04-21T14:57:21.247", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:zzcms:zzcms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FD00C13-599B-4944-99F6-83C9F44DB42F", "versionEndIncluding": "2023"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}