CVE-2018-8966
The CVE-2018-8966 entry affects zzcms version 8.2, where the siteurl parameter of install/index.php can be exploited to inject PHP code. The issue is demonstrated by injecting a phpinfo() call into /inc/config.php, indicating code execution via a parameter. Several connected sources corroborate t...