Path traversal

2018-02-2403:29:00

PRIOn knowledge base

www.prio-n.com

5.4 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.5%

JSON

zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.

CPENameOperatorVersion
zzcmseq8.2

CPE	Name	Operator	Version
	zzcms	eq	8.2

References

github.com/kongxin520/zzcms/blob/master/zzcms_8.2_bug.md

kongxin.gitbook.io/zzcms-8-2-bug/