CVE-2024-43011: Path Traversal
First published: Fri Aug 16 2024(Updated: )
An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to delete arbitrary files on the server. This can lead to the deletion of critical files, potentially disrupting the normal operation of the system.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ZZCMS | <2023 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-43011?
CVE-2024-43011 is considered a high severity vulnerability due to the potential for arbitrary file deletion.
How do I fix CVE-2024-43011?
To fix CVE-2024-43011, ensure proper input validation and sanitization for file paths to prevent directory traversal attacks.
What versions of ZZCMS are affected by CVE-2024-43011?
CVE-2024-43011 affects ZZCMS version 2023 and earlier.
Can CVE-2024-43011 be exploited remotely?
Yes, CVE-2024-43011 can be exploited remotely if an attacker can access the vulnerable admin interface.
What are the potential consequences of exploiting CVE-2024-43011?
Exploiting CVE-2024-43011 allows an attacker to delete arbitrary files from the server, which can lead to data loss or service disruption.
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- agent/author
- collector/nvd-api
- source/NVD
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/zzcms
- canonical/zzcms