CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-7434

zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.5%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://github.com/kongxin520/zzcms/blob/master/zzcms_8.2_bug.md
https://kongxin.gitbook.io/zzcms-8-2-bug/
https://github.com/kongxin520/zzcms/blob/master/zzcms_8.2_bug.md
https://kongxin.gitbook.io/zzcms-8-2-bug/

Products affected by CVE-2018-7434

Zzcms » Zzcms » Version: 8.2

cpe:2.3:a:zzcms:zzcms:8.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-7434

Products

Pricing

Contact Us