CVE-2019-1010151 - Vulnerability Details

Vendors	Products
Zzcms	Zzmcms

Link	Providers
https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "zzmcms", "vendor": "zzcms", "versions": [{"status": "affected", "version": "\u2264 8.3"}]}], "descriptions": [{"lang": "en", "value": "zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php."}], "problemTypes": [{"descriptions": [{"description": "File Delete to getshell", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-07-19T13:56:32", "orgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "shortName": "dwf"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve-assign@distributedweaknessfiling.org", "ID": "CVE-2019-1010151", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "zzmcms", "version": {"version_data": [{"version_value": "\u2264 8.3"}]}}]}, "vendor_name": "zzcms"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "File Delete to getshell"}]}]}, "references": {"reference_data": [{"name": "https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5", "refsource": "MISC", "url": "https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:07:18.089Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5"}]}]}, "cveMetadata": {"assignerOrgId": "7556d962-6fb7-411e-85fa-6cd62f095ba8", "assignerShortName": "dwf", "cveId": "CVE-2019-1010151", "datePublished": "2019-07-19T13:56:32", "dateReserved": "2019-03-20T00:00:00", "dateUpdated": "2024-08-05T03:07:18.089Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : zzmcms (string)

vendor : zzcms (string)

versions : [ »

0 : { »

status : affected (string)

version : ≤ 8.3 (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : File Delete to getshell (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-07-19T13:56:32 (string)

orgId : 7556d962-6fb7-411e-85fa-6cd62f095ba8 (string)

shortName : dwf (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve-assign@distributedweaknessfiling.org (string)

ID : CVE-2019-1010151 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : zzmcms (string)

version : { »

version_data : [ »

0 : { »

version_value : ≤ 8.3 (string)

}

]

}

]

}

vendor_name : zzcms (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : File Delete to getshell (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5 (string)

refsource : MISC (string)

url : https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T03:07:18.089Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 7556d962-6fb7-411e-85fa-6cd62f095ba8 (string)

assignerShortName : dwf (string)

cveId : CVE-2019-1010151 (string)

datePublished : 2019-07-19T13:56:32 (string)

dateReserved : 2019-03-20T00:00:00 (string)

dateUpdated : 2024-08-05T03:07:18.089Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zzcms:zzmcms:*:*:*:*:*:*:*:*", "matchCriteriaId": "5FC73196-AB4E-4C9C-8CDF-DAE5070748D9", "versionEndIncluding": "8.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php."}, {"lang": "es", "value": "zzmcms versi\u00f3n 8.3 y anteriores de zzcms, est\u00e1n afectados por: Eliminaci\u00f3n de Archivo para getshell. El impacto es: getshell. El componente es: el archivo /user/ppsave.php."}], "id": "CVE-2019-1010151", "lastModified": "2024-11-21T04:17:59.843", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-07-19T14:15:12.233", "references": [{"source": "josh@bress.net", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5"}], "sourceIdentifier": "josh@bress.net", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:zzcms:zzmcms:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 5FC73196-AB4E-4C9C-8CDF-DAE5070748D9 (string)

versionEndIncluding : 8.3 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php. (string)

}

1 : { »

lang : es (string)

value : zzmcms versión 8.3 y anteriores de zzcms, están afectados por: Eliminación de Archivo para getshell. El impacto es: getshell. El componente es: el archivo /user/ppsave.php. (string)

}

]

id : CVE-2019-1010151 (string)

lastModified : 2024-11-21T04:17:59.843 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : HIGH (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 7.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 10 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2019-07-19T14:15:12.233 (string)

references : [ »

0 : { »

source : josh@bress.net (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5 (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Third Party Advisory (string)

]

url : https://gist.github.com/Lz1y/24a6368c7ffdc1af7292035dd16a97f5 (string)

}

]

sourceIdentifier : josh@bress.net (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-22 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object