Path Disclosure Vulnerability in zzcms 8.2

Path Disclosure Vulnerability in zzcms 8.2

CVE-2018-7434 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.

Learn more about our Api Penetration Testing.