CVE-2021-43703

9.8 CRITICAL

📋 TL;DR

This vulnerability allows unauthenticated attackers to bypass authentication in zzcms: the check that keeps anonymous visitors out of admin.php is enforced only by client-side JavaScript (typically a script that sends the browser to the login page), so a browser with JavaScript disabled, or any HTTP client that never runs scripts such as curl, reaches the administrative interface by requesting admin.php directly. Any organization running a vulnerable version of zzcms is affected, with administrative functions exposed to anyone who can reach admin.php over HTTP.

💻 Affected Systems

Products:
  • zzcms
Versions: All versions up to and including 2019
Operating Systems: Any OS running zzcms (typically Linux/Windows web servers)
Default Config Vulnerable: ⚠️ Yes
Notes: Affects all installations where admin.php is accessible and JavaScript can be disabled by the client.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete compromise of the CMS, allowing attackers to modify content, steal data, install backdoors, or pivot to other systems.

🟠 Likely Case: Unauthorized access to administrative functions leading to content manipulation, user data exposure, or configuration changes.

🟢 If Mitigated: Limited impact with proper network segmentation and additional authentication layers preventing access to the administrative interface.

🌐 Internet-Facing: HIGH - The check is client-side, so any client that can reach admin.php over HTTP needs no credentials.
🏢 Internal Only: MEDIUM - Still significant risk if internal users can access the vulnerable interface.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple exploit requiring only a browser with JavaScript disabled, or any HTTP client that does not execute scripts (curl, for example). No special tools or skills needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown - no official patch documented

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Check whether the zzcms version is 2019 or earlier.
2. Upgrade to a newer version if one is available.
3. Apply the workarounds below if an upgrade is not possible.

🔧 Temporary Workarounds

Access Control Enhancement

Implement server-side authentication checks that do not depend on JavaScript.

Modify admin.php (and any script it includes or dispatches to for admin actions) so that a server-side session check runs before any admin markup is rendered or any admin action is handled, and terminates the request on failure, for example by redirecting to the login page and exiting.
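The contrast between the broken pattern and the server-side check, as an added illustration (this is not zzcms source code and does not claim to match its file layout; the session key name admin_id and the page name login.php are assumptions):

```php
<?php
declare(strict_types=1);

// Added example for illustration; this is NOT zzcms source code. It shows
// the pattern behind this CVE (authentication "enforced" by a JavaScript
// redirect the browser is trusted to run) next to a server-side check
// that a client without JavaScript cannot skip. The session key and the
// login page name are assumptions.

const ADMIN_SESSION_KEY = 'admin_id';   // hypothetical session key
const LOGIN_PAGE        = 'login.php';  // hypothetical login page

// The admin markup, including a state-changing action link, as both
// versions below would render it for a logged-in administrator.
function admin_markup(): string
{
    return '<h1>Admin panel</h1><a href="admin.php?act=delete_user&id=1">delete user</a>';
}

// VULNERABLE: the server renders the admin page unconditionally. The only
// thing separating an anonymous visitor from it is a <script> tag; with
// JavaScript disabled (or with curl) the redirect never runs and the full
// page, including the action links, is delivered.
function vulnerable_admin_page(array $session): string
{
    $out = '';
    if (empty($session[ADMIN_SESSION_KEY])) {
        $out .= '<script>window.location.href="' . LOGIN_PAGE . '";</script>';
    }
    $out .= admin_markup();
    return $out;
}

// HARDENED: the decision is made on the server, before any admin markup
// is emitted or any ?act= handler is dispatched. The result is returned
// as [status, location, body] so the behaviour can be shown from the CLI;
// in a real request handler the 302 branch is
//     header('Location: ' . LOGIN_PAGE, true, 302); exit;
// and the exit is essential, because header() alone does not stop the
// rest of the script from rendering.
function hardened_admin_page(array $session): array
{
    if (empty($session[ADMIN_SESSION_KEY])) {
        return ['status' => 302, 'location' => LOGIN_PAGE, 'body' => ''];
    }
    return ['status' => 200, 'location' => null, 'body' => admin_markup()];
}

// Demonstration: an anonymous visitor (empty session) and an administrator.
$anonymous = [];
$admin     = [ADMIN_SESSION_KEY => 42];

$v = vulnerable_admin_page($anonymous);
printf("vulnerable, no session : HTTP 200, admin link in body: %s\n",
    strpos($v, 'act=delete_user') !== false ? 'YES (bypass)' : 'no');

$h = hardened_admin_page($anonymous);
printf("hardened,   no session : HTTP %d -> %s, body bytes: %d\n",
    $h['status'], $h['location'], strlen($h['body']));

$h = hardened_admin_page($admin);
printf("hardened,   admin      : HTTP %d, admin link in body: %s\n",
    $h['status'], strpos($h['body'], 'act=delete_user') !== false ? 'yes' : 'no');
```

Run it with `php admin_check_demo.php`. Put the server-side check in a shared include that every admin script loads first, so that admin functionality spread across several files is covered and not only admin.php itself, and call session_regenerate_id(true) when a login succeeds so an attacker cannot reuse a session identifier they planted before authentication.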

IP Restriction

Restrict access to admin.php to the administrators' network (replace 192.168.1.0/24 with your own range). This limits exposure but does not fix the client-side check; combine it with the server-side validation above.

# Apache 2.4
<Files "admin.php">
    Require ip 192.168.1.0/24
</Files>

# Nginx: an exact-match location takes precedence over the generic
# "location ~ \.php$" block, so its allow/deny rules apply even though the
# generic block comes later; a regex such as admin\.php$ would also match
# /xadmin.php. The PHP handoff must be repeated inside the block, otherwise
# the file is served or 404ed instead of executed.
location = /admin.php {
    allow 192.168.1.0/24;
    deny all;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/run/php/php-fpm.sock;   # adjust to your PHP-FPM socket
}

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules that block requests to admin.php except from approved sources; rules keyed on the Referer or User-Agent header are trivially spoofed and only reduce noise
  • Place the administrative interface behind a VPN or an additional authentication layer (for example HTTP basic authentication enforced by the web server in front of admin.php)

🔍 How to Verify

Check if Vulnerable:

1. Open the zzcms installation URL.
2. Disable JavaScript in the browser, or use a client that never runs scripts (curl, for example) and do not follow redirects.
3. Request /admin.php directly.
4. If the admin interface is served (an HTTP 200 whose body is the admin page, possibly containing only an inline script that would have sent a browser to the login page), the system is vulnerable. A server-side check answers with an HTTP redirect (3xx) to the login page or with the login form itself.
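The same check as a script, added here as an example that is not part of the advisory or of zzcms. It requests admin.php the way a non-JavaScript client does, refuses to follow redirects, and classifies the raw response; the host name is a placeholder and the body markers (a password field for the login form, location.href for a script-only redirect) are assumptions to adjust for the target.

```php
<?php
declare(strict_types=1);

// Added example, not part of the advisory or of zzcms. Requests admin.php
// directly, does NOT follow redirects, and classifies the raw response the
// way a client without JavaScript sees it. Usage:
//     php check_admin.php https://cms.example.test/
// With no URL argument it runs on two constructed responses instead. The
// host name is a placeholder; the body markers are assumptions.

function fetch_no_redirect(string $url): array
{
    $ctx = stream_context_create(['http' => [
        'method'          => 'GET',
        'follow_location' => 0,    // a 302 to the login page must be observed, not followed
        'ignore_errors'   => true, // also return the body of 4xx/5xx responses
        'timeout'         => 10,
        'header'          => "User-Agent: admin-check/1.0\r\n",
    ]]);
    $body = @file_get_contents($url, false, $ctx);
    if ($body === false) {
        throw new RuntimeException("request to $url failed");
    }
    $status = 0;
    $location = null;
    // $http_response_header is populated by the http:// stream wrapper
    foreach ($http_response_header as $line) {
        if (preg_match('#^HTTP/\S+\s+(\d{3})#', $line, $m)) {
            $status = (int) $m[1];
        } elseif (stripos($line, 'Location:') === 0) {
            $location = trim(substr($line, 9));
        }
    }
    return ['status' => $status, 'location' => $location, 'body' => $body];
}

function classify(array $r): string
{
    $body = strtolower($r['body']);
    if (in_array($r['status'], [301, 302, 303, 307, 308], true)) {
        return 'not vulnerable: server-side redirect to ' . ($r['location'] ?? '?');
    }
    if (in_array($r['status'], [401, 403], true)) {
        return "not vulnerable: server refused with HTTP {$r['status']}";
    }
    if ($r['status'] !== 200) {
        return "inconclusive: HTTP {$r['status']}, inspect manually";
    }
    // assumed markers: a login form versus an inline script-only redirect
    $loginForm  = strpos($body, 'type="password"') !== false;
    $jsRedirect = preg_match('#location\.(href|replace)#', $body) === 1;
    if ($loginForm && !$jsRedirect) {
        return 'not vulnerable: HTTP 200 serving the login form';
    }
    if ($jsRedirect) {
        return 'VULNERABLE: HTTP 200 with admin content guarded only by a JavaScript redirect';
    }
    return 'likely VULNERABLE: HTTP 200 with no login form; confirm the body is the admin interface';
}

if ($argc > 1) {
    $url = rtrim($argv[1], '/') . '/admin.php';
    echo classify(fetch_no_redirect($url)), "\n";
} else {
    // constructed sample responses: one vulnerable, one fixed
    $samples = [
        'vulnerable' => ['status' => 200, 'location' => null,
            'body' => '<script>window.location.href="login.php";</script><h1>Admin</h1>'],
        'fixed' => ['status' => 302, 'location' => 'login.php', 'body' => ''],
    ];
    foreach ($samples as $name => $r) {
        printf("%-10s => %s\n", $name, classify($r));
    }
}
```

Treat "likely VULNERABLE" as a prompt to read the body: a 200 can also be a custom error page, so the verdict is only certain when the admin interface is recognisable in the response.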

Check Version:

Check zzcms version in admin panel or look for version information in source files

Verify Fix Applied:

Repeat the vulnerability check steps; admin.php should require proper authentication regardless of JavaScript status.

📡 Detection & Monitoring

Log Indicators:

  • admin.php answered with HTTP 200 to a client (IP address or session) with no preceding successful login, i.e. no POST to the login handler answered with a redirect
  • Once a server-side fix is in place, admin.php answered with 302 (redirect to the login page) to anonymous clients is the normal behaviour; a 200 to such a client is the signal

Network Indicators:

  • Direct HTTP requests to admin.php with no preceding requests to the login page
  • admin.php requests from non-browser user agents (curl, python-requests, scanners) or from unexpected IP addresses

SIEM Query:

source="web_access.log" AND (uri="/admin.php" OR uri="/admin.php?*") AND status=200 AND NOT referer CONTAINS "login"

Restrict the query to status=200: on a patched system, 302 is the expected reply to an unauthenticated request. The referer clause only trims noise from legitimate post-login navigation; Referer and User-Agent are client-supplied and cannot exclude an attacker, so correlate hits with login events per client IP or session instead.
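The per-client correlation in code, as an added example that is not part of the advisory. It parses combined-format access log lines and flags admin.php hits answered with 200 for a client IP that has no accepted login within the window. The log lines are constructed for this example, and the login handler path /login.php together with the "POST answered with 302 means credentials accepted" pattern are assumptions about the deployment.

```php
<?php
declare(strict_types=1);

// Added example, not part of the advisory. Applies the "admin.php served
// without a preceding login" indicator to web-server access logs in the
// Apache/Nginx combined format. The log lines below are constructed for
// this example; the login handler path and the "POST answered with 302 =
// credentials accepted" pattern are assumptions about the deployment.

const ADMIN_PATH     = '/admin.php';
const LOGIN_PATH     = '/login.php'; // assumed login handler
const WINDOW_SECONDS = 3600;         // how long a login "covers" later admin hits

// combined format: ip ident user [time] "METHOD path PROTO" status bytes "referer" "ua"
const LOG_RE = '#^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"#';

function parse_line(string $line): ?array
{
    if (!preg_match(LOG_RE, $line, $m)) {
        return null;
    }
    $ts = DateTimeImmutable::createFromFormat('d/M/Y:H:i:s O', $m[2]);
    if ($ts === false) {
        return null;
    }
    $path = explode('?', $m[4], 2)[0];   // drop the query string
    return [
        'ip' => $m[1], 'ts' => $ts->getTimestamp(), 'method' => $m[3],
        'path' => $path, 'status' => (int) $m[5], 'ua' => $m[7],
    ];
}

// Returns one alert string per admin.php hit that the server answered with
// 200 although the client IP had no accepted login within the window.
// 302 answers are ignored: on a fixed system that is the normal reply to
// an anonymous request.
function find_admin_without_login(array $lines): array
{
    $lastLogin = [];   // ip => timestamp of the last accepted login
    $alerts = [];
    foreach ($lines as $line) {
        $e = parse_line($line);
        if ($e === null) {
            continue;
        }
        if ($e['method'] === 'POST' && $e['path'] === LOGIN_PATH && $e['status'] === 302) {
            $lastLogin[$e['ip']] = $e['ts'];
            continue;
        }
        if ($e['path'] === ADMIN_PATH && $e['status'] === 200) {
            $login = $lastLogin[$e['ip']] ?? null;
            if ($login === null || $e['ts'] - $login > WINDOW_SECONDS) {
                $alerts[] = sprintf('%s: %s -> 200 with no login from this IP in the last %ds (UA "%s")',
                    $e['ip'], ADMIN_PATH, WINDOW_SECONDS, $e['ua']);
            }
        }
    }
    return $alerts;
}

// Constructed sample: one direct hit by a non-browser client (alerts), one
// normal login followed by admin use (no alert), one anonymous request
// bounced to the login page by a fixed server (no alert).
$sample = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin.php HTTP/1.1" 200 5120 "-" "curl/8.1.0"',
    '198.51.100.4 - - [10/Oct/2023:14:01:02 +0000] "POST /login.php HTTP/1.1" 302 0 "https://cms.example.test/login.php" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:14:01:03 +0000] "GET /admin.php?act=index HTTP/1.1" 200 5120 "https://cms.example.test/login.php" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:14:05:00 +0000] "GET /admin.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
];

foreach (find_admin_without_login($sample) as $alert) {
    echo 'ALERT ', $alert, "\n";
}
```

Keying on the client IP is a heuristic: clients behind NAT or a proxy share an address, so a legitimate login can mask an attacker on the same egress. If the web server logs the session cookie, correlate on that instead of the IP.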
