5 matches found
ZZZCMS 1.6.1 - Remote Code Execution
ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzztemplate.php file because the parserIfLabel function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert substring. id: CVE-2019-9041 info: name: ZZZCMS 1.6.1 - Remote Code Execution...
zzzphp CMS 1.6.1 - Remote Code Execution
Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on: windows/Linux,iis/apache C...
ZZZPHP CMS 1.6.1 Remote Code Execution
Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on: windows/Linux,iis/apache C...
zzzphp CMS 1.6.1 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zi...
CVE-2019-9041
ZZZCMS 1.6.1 is vulnerable to remote code execution via inc/zzz_template.php: parserIfLabel() filtering is not strict, allowing injection of PHP code (example: {if:assert($_POST[x])} and similar). This can enable arbitrary code execution on affected systems, with CVSS3.0 vector CVSS:3.0/AV:N/AC:L...