Remote Code Execution and Information Disclosure Vulnerability in zzCMS v.2023 via ueditor Component in controller.php

Remote Code Execution and Information Disclosure Vulnerability in zzCMS v.2023 via ueditor Component in controller.php

CVE-2023-42398 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.

Learn more about our Cms Pen Testing.