CVE-2018-16344: Path Traversal
First published: Sun Sep 02 2018(Updated: )
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ZZCMS | =8.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2018-16344?
CVE-2018-16344 is classified as a critical vulnerability due to its potential to allow remote attackers to delete arbitrary files.
How do I fix CVE-2018-16344?
To mitigate CVE-2018-16344, it is essential to upgrade to a patched version of zzcms that addresses this directory traversal vulnerability.
What systems are affected by CVE-2018-16344?
CVE-2018-16344 specifically affects zzcms version 8.3.
What can an attacker achieve with CVE-2018-16344?
An attacker exploiting CVE-2018-16344 can potentially delete the install.lock file, gaining unauthorized access to the database.
Is there a known exploit for CVE-2018-16344?
Yes, there are publicly available exploits that demonstrate the capability of CVE-2018-16344 to perform unauthorized file deletions via directory traversal.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/zzcms
- canonical/zzcms
- version/zzcms/8.3