{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-2016","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2024-02-29T14:12:42.926Z","datePublished":"2024-02-29T21:31:04.756Z","dateUpdated":"2024-08-01T18:56:22.610Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2024-02-29T21:31:04.756Z"},"title":"ZhiCms setcontroller.php index code injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-94","lang":"en","description":"CWE-94 Code Injection"}]}],"affected":[{"vendor":"n/a","product":"ZhiCms","versions":[{"version":"4.0","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability."},{"lang":"de","value":"Es wurde eine Schwachstelle in ZhiCms 4.0 gefunden. Sie wurde als kritisch eingestuft. Es betrifft die Funktion index der Datei app/manage/controller/setcontroller.php. Durch Manipulation des Arguments sitename mit unbekannten Daten kann eine code injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2024-02-29T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2024-02-29T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2024-02-29T15:18:03.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"linyz-tel (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.255270","name":"VDB-255270 | ZhiCms setcontroller.php index code injection","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.255270","name":"VDB-255270 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5","tags":["exploit"]}]},"adp":[{"title":"CISA ADP Vulnrichment","metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-2016","role":"CISA Coordinator","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-05-21T18:38:52.427931Z"}}}],"affected":[{"cpes":["cpe:2.3:a:zhicms:zhicms:4.0:*:*:*:*:*:*:*"],"vendor":"zhicms","product":"zhicms","versions":[{"status":"affected","version":"4.0"}],"defaultStatus":"affected"}],"providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-06-04T17:29:49.912Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T18:56:22.610Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.255270","name":"VDB-255270 | ZhiCms setcontroller.php index code injection","tags":["vdb-entry","technical-description","x_transferred"]},{"url":"https://vuldb.com/?ctiid.255270","name":"VDB-255270 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required","x_transferred"]},{"url":"https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5","tags":["exploit","x_transferred"]}]}]}}