3 matches found
CVE-2018-13116
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcmsask table...
CVE-2018-13116
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcmsask table...
CVE-2018-13116
CVE-2018-13116 describes an SQL injection in zzcms 8.3 via the path /user/del.php when the attacker manipulates the tablename parameter after leveraging the zzcms_ask table. Multiple sources corroborate: NVD entry notes SQLi with a high/critical impact (CVSS v2: 7.5; CVSS v3: 9.8) affecting confi...