ZKEACMS Arbitrary File Upload Vulnerability Allowing Code Execution

Vulnerability

An arbitrary file upload vulnerability has been identified in ZKEACMS version 4.1. This vulnerability allows attackers to execute arbitrary code by uploading a crafted file.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution on the server where ZKEACMS is hosted.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

6.5

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

10.0

exploitability

6.5

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ZKEACMS Arbitrary File Upload Vulnerability Allowing Code Execution

Vulnerability

Impact

Affected Products

ZKEACMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating