CVE-2019-12352
CVE-2019-12352 describes a SQL injection vulnerability in zzcms 2019, exploitable in /dl/dl_sendmail.php via a dlid cookie when the attacker has dls_print authority. The issue arises from unsafely handling user-controlled data in the cookie which is used in a database query. Multiple connected so...