CVE-2018-9331

Published April 7th, 2018

View on NVD ↗

CVSS v3

7.5

HIGH

CVSS v2

6.4

MEDIUM

Affected

PROJECT

Description

An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock.

cherryla/zzcms

GitHub