3.3

CVE-2025-14836

ZZCMS User Data Storage user_save.php cleartext storage in file

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ZzcmsZzcms Version2025
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.18% 0.071
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@vuldb.com 2 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 2.7 1.2 1.4
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
cna@vuldb.com 3.3 6.4 2.9
AV:N/AC:L/Au:M/C:P/I:N/A:N
CWE-312 Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

CWE-313 Cleartext Storage in a File or on Disk

The product stores sensitive information in cleartext in a file, or on disk.

https://note-hxlab.wetolink.com/share/bu2KYevoyBm6
Third Party Advisory
https://vuldb.com/?ctiid.336986
VDB Entry
Permissions Required
https://vuldb.com/?id.336986
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.711654
Third Party Advisory
VDB Entry