Lucene search

[email protected]NVD:CVE-2022-40443

HistorySep 22, 2022 - 2:15 p.m.

CVE-2022-40443

2022-09-2214:15:09

CWE-22

[email protected]

web.nvd.nist.gov

path traversal vulnerability

zzcms 2022

sensitive information

crafted get request

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

42.3%

JSON

An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.

Affected configurations

NVD

Node

zzcmszzcmsMatch2022

References

github.com/liong007/ZZCMS/issues/1

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

42.3%

JSON

Related for NVD:CVE-2022-40443

cve1 prion1 cvelist1