zj1983 zz Denial-of-Service Vulnerability in File Handler Component

Vulnerability

A denial-of-service vulnerability has been identified in zj1983 zz versions through 2024-8. The issue arises in the File Handler component, specifically within the deleteLocalFile function of ZfileAction.java. The vulnerability is triggered by manipulating the zids parameter, leading to arbitrary file deletion. This issue can be exploited remotely.

Impact

Exploitation of this vulnerability causes a denial-of-service condition by allowing arbitrary files to be deleted, which could disrupt normal application functionality or user operations.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the deleteLocalFile endpoint. Send a GET request including the zids parameter with the path of a file to be deleted. The request must be made with a valid session cookie.
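A server-side containment check addresses the deletion path described above. The following is an added example, not code from zj1983 zz or from ZfileAction.java. It assumes deletions are meant to be confined to one upload directory and that zids carries comma-separated file references; the class, method and file names are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.util.ArrayList;
import java.util.List;

// Added example: all names here are hypothetical, not the project's own.
public final class SafeLocalFileDelete {
    // Resolve one request-supplied value against the upload root and
    // refuse anything that would land outside it.
    static Path resolveInside(Path root, String value) throws IOException {
        if (value == null || value.isEmpty() || value.indexOf('\0') >= 0) {
            throw new SecurityException("empty or malformed file reference");
        }
        Path realRoot = root.toRealPath();                    // canonical root, symlinks followed
        Path candidate = realRoot.resolve(value).normalize(); // an absolute value replaces the root here
        if (!candidate.startsWith(realRoot) || candidate.equals(realRoot)) {
            throw new SecurityException("path escapes upload root: " + value);
        }
        // Canonicalise the parent so a symlinked directory inside the root cannot lead outside it.
        Path realParent = candidate.getParent().toRealPath();
        if (!realParent.startsWith(realRoot)) {
            throw new SecurityException("symlinked parent escapes upload root: " + value);
        }
        Path target = realParent.resolve(candidate.getFileName());
        if (!Files.isRegularFile(target, LinkOption.NOFOLLOW_LINKS)) {
            throw new SecurityException("not a regular file: " + value);
        }
        return target;
    }

    // Validate every entry before deleting any: one bad value rejects the whole request.
    static List<Path> deleteAll(Path root, String zids) throws IOException {
        List<Path> targets = new ArrayList<>();
        for (String v : zids.split(",")) targets.add(resolveInside(root, v.trim()));
        for (Path p : targets) Files.delete(p);
        return targets;
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("uploads");   // constructed sample root
        Files.createFile(root.resolve("report.txt"));       // constructed sample file
        System.out.println(deleteAll(root, "report.txt"));  // inside the root: deleted
        try { deleteAll(root, "../outside.txt"); }          // constructed value outside the root
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```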

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.