CVE-2019-9182

2019-02-2607:00:00

mitre

www.cve.org

AI Score

Confidence

High

EPSS

0.001

Percentile

44.9%

JSON

There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter.

References

www.iwantacve.cn/index.php/archives/119/