CVE-2018-16344

Published September 2nd, 2018

View on NVD ↗

CVSS v3

N/A

CVSS v2

6.4

MEDIUM

Affected

PROJECT

Description

An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.

cumtxujiabin/CmsPoc

GitHub