This vulnerability in Zora: Post, Trade, Earn Crypto v2.60.0 enables attackers to overwrite critical internal files arbitrarily via the file import functionality. The flaw corresponds to CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), which typically involves directory traversal or path manipulation issues. Exploitation can result in arbitrary code execution or information disclosure, severely compromising the affected system. The CVSS 3.1 base score is 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting network attack vector, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. No patch or vendor advisory is currently available, and the affected versions are not specifically enumerated.

An attacker can overwrite critical internal files without authentication, potentially leading to full system compromise through arbitrary code execution or sensitive information leakage. The vulnerability affects confidentiality, integrity, and availability at a critical level. No known exploits have been reported in the wild so far.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict access to the file import functionality and monitor for suspicious activity related to file handling. Avoid using affected versions if possible and apply any vendor recommendations once published.