CVE-2024-7927

7.3 HIGH

📋 TL;DR

This path traversal vulnerability in ZZCMS 2023 allows remote attackers to reach files outside the intended directory via the skin[] parameter of /admin/class.php?dowhat=modifyclass. This could enable unauthorized file access, modification, or deletion. All ZZCMS 2023 installations with the vulnerable component exposed are affected.

💻 Affected Systems

Products:
  • ZZCMS
Versions: 2023 version
Operating Systems: All platforms running ZZCMS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires the /admin/class.php endpoint to be accessible. Default installations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote attackers could read, modify, or delete arbitrary files on the server, potentially leading to complete system compromise, data theft, or service disruption.

🟠 Likely Case

Attackers could access sensitive configuration files, source code, or user data, potentially leading to further exploitation or data breach.

🟢 If Mitigated

With proper network segmentation and access controls, impact would be limited to the web application directory only.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit details are publicly available. Attack requires access to the admin interface but no authentication bypass is mentioned.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Monitor vendor channels for updates and apply immediately when released.

🔧 Temporary Workarounds

Restrict Admin Access

Platforms: all

Block external access to the /admin/ directory using web server configuration or firewall rules, allowing only the administrators' network (192.168.1.0/24 below is a placeholder for your own range):

# Apache:
<Location /admin>
    Require ip 192.168.1.0/24
</Location>
# Nginx: location /admin/ { allow 192.168.1.0/24; deny all; }

Input Validation

Platforms: all

Add server-side validation that rejects path traversal sequences in every element of the skin[] parameter. Because skin[] is submitted as an array, a check that treats $_GET['skin'] as a single string fails (strpos() on an array is a TypeError in PHP 8); loop over the elements instead:

# PHP example (skin[] arrives as an array, so check each element):
foreach ((array) ($_GET['skin'] ?? []) as $skin) { if (!is_string($skin) || strpos($skin, '..') !== false || strpbrk($skin, '/\\') !== false) { die('Invalid input'); } }

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ZZCMS from critical systems
  • Deploy web application firewall (WAF) with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Test if /admin/class.php?dowhat=modifyclass&skin[]=../../../../etc/passwd returns sensitive system files

Check Version:

Check ZZCMS version in admin panel or readme files

Verify Fix Applied:

Verify that path traversal attempts return error messages or are blocked

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to /admin/class.php with skin[] parameter containing '..' sequences
  • Unusual file access patterns from web process

Network Indicators:

  • Multiple failed path traversal attempts
  • Requests to sensitive file paths from web application

SIEM Query:

source="web_logs" AND uri="/admin/class.php" AND (param="skin" OR param="skin[]") AND (value=".." OR value="../")
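As an added example (not part of the original advisory and not ZZCMS code), the log indicator above applied in Python to a few constructed Apache combined-format access-log lines. The sample lines, the helper names and the decision to URL-decode the skin[] values a second time (so that double-encoded `%252e%252e` is not missed) are assumptions of this example; the path and parameter names come from the advisory.

```python
"""Flag access-log lines matching the CVE-2024-7927 log indicator:
requests to /admin/class.php whose skin / skin[] values contain a '..' path component."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache combined log format; only the request line and status are used here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# '..' as a whole path component (start or separator before, separator or end after),
# so a skin name such as "blue..theme" is not flagged.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

# Constructed sample lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2024:13:55:36 +0000] "GET /admin/class.php?dowhat=modifyclass&skin[]=../../../../etc/passwd HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2024:13:55:40 +0000] "GET /admin/class.php?dowhat=modifyclass&skin%5B%5D=%2e%2e%2f%2e%2e%2fconfig.php HTTP/1.1" 200 180',
    '198.51.100.2 - - [10/Oct/2024:13:56:01 +0000] "GET /admin/class.php?dowhat=modifyclass&skin[]=default HTTP/1.1" 200 2048',
    '198.51.100.2 - - [10/Oct/2024:13:56:05 +0000] "GET /index.php?skin[]=../../etc/passwd HTTP/1.1" 404 120',
]


def skin_values(uri: str) -> list:
    """Return every value submitted as skin or skin[] to /admin/class.php, decoded."""
    parts = urlsplit(uri)
    if parts.path != "/admin/class.php":
        return []
    qs = parse_qs(parts.query, keep_blank_values=True)  # decodes keys and values once
    values = qs.get("skin", []) + qs.get("skin[]", [])
    # Second decode catches double-encoded sequences (%252e%252e -> %2e%2e -> ..).
    return [unquote(v) for v in values]


def is_traversal_attempt(uri: str) -> bool:
    """True if any skin value carries a '..' path component."""
    return any(TRAVERSAL_RE.search(v) for v in skin_values(uri))


def scan(lines) -> list:
    """Return (client_ip, timestamp, uri, status) for each matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m["uri"]):
            hits.append((m["ip"], m["ts"], m["uri"], int(m["status"])))
    return hits


if __name__ == "__main__":
    for ip, ts, uri, status in scan(SAMPLE_LOG):
        # A 200 on a traversal request is the case to triage first: the
        # advisory's "Verify Fix Applied" step expects these to be blocked.
        print(f"{ts} {ip} status={status} {uri}")
```

The path check keeps the rule scoped to the vulnerable endpoint, which is what the SIEM query above expresses; the status code is carried through so that a successful (200) response to a traversal request, rather than a blocked one, can be prioritised when verifying the workaround.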
