Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2018-16344

An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.

  • Published: Sep 2, 2018
  • Updated: Apr 13, 2023
  • CVE: CVE-2018-16344
  • Severity: High
  • Exploit:

CVSS v3:

  • Severity: High
  • Score: 7.5
  • AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

  • Severity: Medium
  • Score: 6.4
  • AV:N/AC:L/Au:N/C:N/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
zzcms / zzcms 8.3 8.3.x