VYPR
Unrated severityNVD Advisory· Published Sep 4, 2024· Updated Sep 4, 2024

CVE-2024-44820

CVE-2024-44820

Description

A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/. When accessed with the query parameter phome=ShowPHPInfo, the application executes the phpinfo() function, which exposes detailed information about the PHP environment, including server configuration, loaded modules, and environment variables.

Affected products

2
  • Zzcms/Zzcmscpe-rescue2 versions
    (expand)+ 1 more
    • (no CPE)
    • (no CPE)range: <= 2023

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.