What is CVE-2024-2016?

CVE-2024-2016 is a critical code injection vulnerability affecting ZhiCms 4.0, a Content Management System. This security issue can impact the confidentiality, integrity, and availability of affected systems. While the vulnerability is classified as medium severity, it poses a risk to systems running ZhiCms 4.0. Users should be aware of this vulnerability and take necessary precautions to protect their systems from potential exploitation.

Who is impacted by CVE-2024-2016?

This vulnerability affects users of ZhiCms 4.0, a Content Management System. This code injection vulnerability can impact the confidentiality, integrity, and availability of systems running ZhiCms 4.0. If you're using this version, it's important to be aware of this security issue and take necessary precautions to protect your system from potential exploitation.

What should I do if I’m affected?

If you're affected by the CVE-2024-2016 vulnerability, it's crucial to take action to protect your system. Stay informed about the vulnerability and monitor for updates or patches. Consider replacing the affected object with an alternative product. Implement strong security practices and follow best practices for your Content Management System.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2024-2016 vulnerability, also known as ZhiCms setcontroller.php index code injection, was added to the public record on February 29, 2024. Information about its presence in CISA's Known Exploited Vulnerabilities Catalog is not available.

Weakness Enumeration

The weakness enumeration for this vulnerability is categorized as CWE-94, which involves improper control of code generation, leading to code injection issues.

Learn More

For a comprehensive understanding of this vulnerability, including technical details and potential countermeasures, refer to the NVD page and the sources listed below.

• VulDB: ZhiCms setcontroller.php index code injection

• Gist GitHub: Advisory

• scip Labs