CVE-2024-2016

high

Description

A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability.

References

https://vuldb.com/?id.255270

https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5

https://vuldb.com/?ctiid.255270

Details

Source: Mitre, NVD

Published: 2024-03-21

Updated: 2025-05-19

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00274