CVE-2022-40443: Path Traversal
First published: Thu Sep 22 2022(Updated: )
An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zzcms Zzcms | =2022 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-40443?
CVE-2022-40443 is an absolute path traversal vulnerability in ZZCMS 2022 that allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.
How do attackers exploit CVE-2022-40443?
Attackers exploit CVE-2022-40443 by sending a crafted GET request to /one/siteinfo.php to traverse the file system and obtain sensitive information.
How can I mitigate the impact of CVE-2022-40443?
To mitigate the impact of CVE-2022-40443, apply the latest security patches or updates provided by ZZCMS and ensure that external input is properly validated and sanitized.
Does CVE-2022-40443 affect all versions of ZZCMS?
CVE-2022-40443 affects ZZCMS 2022. Other versions may or may not be affected, so it is recommended to check with the vendor for specific version information.
Are there any known exploits for CVE-2022-40443?
There are no known public exploits specifically targeting CVE-2022-40443 at this time. However, it is important to apply security patches and updates to prevent exploitation.
- collector/nvd-index
- vendor/zzcms
- canonical/zzcms zzcms
- version/zzcms zzcms/2022