CVE-2024-2016

Published: Mar 21, 2024Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability.

Affected (1)

Products: Zhicms: Zhicms

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zhicms Zhicms	Version 4.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (6)

https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5

Source: cna@vuldb.com

Exploit

https://vuldb.com/?ctiid.255270

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.255270

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://vuldb.com/?ctiid.255270

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVDB Entry

https://vuldb.com/?id.255270

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.