zj1983 zz Vertical Privilege Escalation Vulnerability

Vulnerability

A critical vertical privilege escalation vulnerability has been identified in zj1983 zz versions through 2024-8. This vulnerability allows attackers to misuse the privileges of regular users to alter, delete, or add information related to administrators. The issue can be exploited remotely and has been publicly disclosed.

Impact

Exploitation of this vulnerability allows unauthorized users to gain administrative privileges, enabling them to modify, delete, or add administrator-related information.

Reproduction

To reproduce this vulnerability, create a low-privilege user account. Once the account is set up, obtain the session cookie for the user. With this cookie, send a request to the 'UserDelete' endpoint, targeting an administrator account. The request should include the necessary headers to mimic a legitimate user action. If successful, the administrator account will be deleted, demonstrating the privilege escalation.
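
The reproduction above implies that the 'UserDelete' endpoint accepts any valid session without checking the caller's role. The following added example (not zj1983 zz code) shows that pattern beside a hardened handler that decides authorization server-side; the `UserStore` class, its method names, the accounts and the session values are all hypothetical and constructed for illustration.

```python
# Added illustration; not code from zj1983 zz. All names and data are constructed.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    role: str  # "admin" or "user"


class Forbidden(Exception):
    """Raised when the request has no valid session or lacks the required role."""


class UserStore:
    def __init__(self):
        # Constructed sample accounts and session table (cookie value -> user name).
        self.users = {"root": User("root", "admin"), "alice": User("alice", "user")}
        self.sessions = {"sess-admin": "root", "sess-alice": "alice"}
        self.audit = []  # (decision, caller, action, target) tuples for detection

    def _caller(self, cookie):
        # Authentication: map the session cookie to a user that still exists.
        name = self.sessions.get(cookie)
        if name is None or name not in self.users:
            raise Forbidden("no valid session")
        return self.users[name]

    def user_delete_vulnerable(self, cookie, target):
        # Flawed pattern: authentication only, so any logged-in user passes.
        self._caller(cookie)
        return self.users.pop(target, None) is not None

    def user_delete_hardened(self, cookie, target):
        # Authorization comes from the role stored server-side for the session,
        # never from a header or parameter supplied by the client.
        caller = self._caller(cookie)
        if caller.role != "admin":
            self.audit.append(("DENY", caller.name, "UserDelete", target))
            raise Forbidden(f"{caller.name} may not delete users")
        self.audit.append(("ALLOW", caller.name, "UserDelete", target))
        return self.users.pop(target, None) is not None
```

The `DENY` audit entries give defenders a signal to alert on: a non-admin session calling an administrative action.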

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.