CVE-2022-40443 Scanner - Path Information Disclosure vulnerability in ZZCMS
Short Info
Level: Medium
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 3 hours
Scan only one: URL
Toolbox: -
ZZCMS is a widely used content management system designed for creating websites and managing content efficiently. It is commonly adopted by small to medium-sized businesses due to its ease of use and customizable features. ZZCMS provides tools for managing web pages, users, and other resources, making it suitable for a variety of industries.
The detected vulnerability is a Path Information Disclosure flaw in ZZCMS 2022. This vulnerability allows attackers to access sensitive server information via a specially crafted GET request. Improper validation and handling of user input in the `siteinfo.php` script contribute to this vulnerability.
Technically, the vulnerability exists in the `siteinfo.php` script, which fails to properly sanitize user input. A crafted request to the affected endpoint exposes absolute file paths and other sensitive details, which can help attackers exploit the system further or launch targeted attacks.
Exploiting this vulnerability can lead to the disclosure of sensitive server information, including file system paths. This information could assist attackers in identifying additional vulnerabilities or preparing for more sophisticated attacks. Although the impact is limited to information disclosure, it still poses a risk to the overall security of the system.
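An added example, not from ZZCMS or the scanner described here: a heuristic check an asset owner can run over captured response bodies to spot leaked absolute filesystem paths. The root-directory list, function names, host name and sample bodies are assumptions constructed for illustration.

```python
import re

# Heuristic patterns (assumed, not taken from ZZCMS): an absolute Unix path under
# a common root with at least two further components, or a Windows drive path.
# The lookbehind skips paths that are part of a URL such as http://host/usr/...
UNIX_PATH = re.compile(r"(?<![\w.:/])/(?:var|srv|home|usr|opt)/[\w.\-]+/[\w./\-]+")
WIN_PATH = re.compile(r"\b[A-Za-z]:\\(?:[\w.\-]+\\)*[\w.\-]+")


def find_path_leaks(body):
    """Return the distinct absolute filesystem paths found in a response body."""
    hits = []
    for pattern in (UNIX_PATH, WIN_PATH):
        for match in pattern.finditer(body):
            path = match.group(0).rstrip(".")  # drop a sentence-ending period
            if path not in hits:
                hits.append(path)
    return hits


def audit(responses):
    """Map each URL whose body leaks a path to the list of leaked paths."""
    report = {}
    for url, body in responses.items():
        leaks = find_path_leaks(body)
        if leaks:
            report[url] = leaks
    return report


# Constructed sample responses (hypothetical host and paths, not real ZZCMS output).
SAMPLES = {
    "https://cms.example.test/index.php":
        '<a href="/about/index.html">About</a>'
        '<img src="http://cms.example.test/usr/share/logo.png">',
    "https://cms.example.test/a":
        "Warning: failed to open stream in /var/www/html/siteinfo.php on line 7",
    "https://cms.example.test/b":
        "Fatal error in D:\\wwwroot\\zzcms\\siteinfo.php on line 12",
}

if __name__ == "__main__":
    for url, leaks in audit(SAMPLES).items():
        print(url, "->", leaks)
```

Relative links under the listed roots can still produce false positives, so treat a hit as a prompt to inspect the response rather than as proof of disclosure.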