← back
CVE-2024-0603

ZhiCms giftcontroller.php deserialization

CVSS 7.3 HIGHEPSS 0.9%CWE-502
Vexday Risk Score
21Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 7.3EPSS 0.9%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
16 Jan 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250839.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Affected products
n/a · ZhiCms

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →