CVE-2018-17412
CVE-2018-17412 affects the ZZCMS package, specifically v8.3, with a SQL injection in /user/logincheck.php exploitable via the X-Forwarded-For HTTP header. The issue stems from unsafely incorporating header data into SQL queries, enabling an attacker to execute arbitrary SQL. CVSS data indicates h...