VYPR
Critical severity9.8NVD Advisory· Published Apr 8, 2024· Updated Apr 15, 2026

CVE-2024-27488

CVE-2024-27488

Description

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default.

Affected products

2
  • Zlmediakit/Zlmediakitinferred2 versions
    >=1.0,<=8.0+ 1 more
    • (no CPE)range: >=1.0,<=8.0
    • (no CPE)range: 1.0 through 8.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.