Vulnerability Database

318,003

Total vulnerabilities in the database

CVE-2018-17797

An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

  • Published: Sep 30, 2018
  • Updated: Nov 9, 2025
  • CVE: CVE-2018-17797
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5.5
  • AV:N/AC:L/Au:S/C:N/I:P/A:P

CWEs:

OWASP TOP 10:

Software From Fixed in
zzcms / zzcms 8.3 8.3.x