Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-1010149

Summary
Assigner-dwf
Assigner Org ID-7556d962-6fb7-411e-85fa-6cd62f095ba8
Published At-23 Jul, 2019 | 13:07
Updated At-05 Aug, 2024 | 03:07
Rejected At-
Credits

zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:dwf
Assigner Org ID:7556d962-6fb7-411e-85fa-6cd62f095ba8
Published At:23 Jul, 2019 | 13:07
Updated At:05 Aug, 2024 | 03:07
Rejected At:
▼CVE Numbering Authority (CNA)

zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php.

Affected Products
Vendor
zzcms
Product
zzcms
Versions
Affected
  • ≤ 8.3
Problem Types
TypeCWE IDDescription
textN/AFile Delete to Code Execution
Type: text
CWE ID: N/A
Description: File Delete to Code Execution
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/Lz1y/e82eb9cc776e629b9d1874dc689421eb
x_refsource_MISC
Hyperlink: https://gist.github.com/Lz1y/e82eb9cc776e629b9d1874dc689421eb
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://gist.github.com/Lz1y/e82eb9cc776e629b9d1874dc689421eb
x_refsource_MISC
x_transferred
Hyperlink: https://gist.github.com/Lz1y/e82eb9cc776e629b9d1874dc689421eb
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:josh@bress.net
Published At:23 Jul, 2019 | 14:15
Updated At:21 Jul, 2021 | 11:39

zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
zzcms
zzcms
>>zzcms>>Versions up to 8.3(inclusive)
cpe:2.3:a:zzcms:zzcms:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE ID: CWE-862
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://gist.github.com/Lz1y/e82eb9cc776e629b9d1874dc689421ebjosh@bress.net
Exploit
Third Party Advisory
Hyperlink: https://gist.github.com/Lz1y/e82eb9cc776e629b9d1874dc689421eb
Source: josh@bress.net
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

102Records found
CVE-2021-22891
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-9.8||CRITICAL
EPSS-0.51% / 65.26%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 11:15
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before 5.7.3, 5.8.3, 5.9.3, 5.10.1 and 5.11.18 may allow unauthenticated remote compromise of the Storage Zones Controller.

Action-Not Available
Vendor-n/aCitrix (Cloud Software Group, Inc.)
Product-sharefile_storagezones_controllerCitrix ShareFile Storage Zones Controller
CWE ID-CWE-862
Missing Authorization
CVE-2020-36239
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-9.8||CRITICAL
EPSS-16.17% / 94.55%
||
7 Day CHG~0.00%
Published-29 Jul, 2021 | 10:12
Updated-17 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated.

Action-Not Available
Vendor-Atlassian
Product-jira_data_centerjira_service_deskjira_service_managementJira Core Data CenterJira Service Management Data CenterJira Data CenterJira Software Data Centerjira_data_centerjira_service_deskjira_service_management
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found