4 matches found
ZZCMS sendmailto.php SQL Injection Vulnerability
ZZCMS is a content management system CMS by the ZZCMS team in China. A SQL injection vulnerability exists in ZZCMS version 2022, which originates from /admin/sendmailto.php?tomail=&groupid= lack of validation of externally entered SQL statements. An attacker can exploit the vulnerability to execu...
CVE-2022-40446
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=...
CVE-2022-40446
CVE-2022-40446 affects ZZCMS 2022; a SQL injection exists in the admin/sendmailto.php endpoint via the parameters tomail and groupid, due to lack of input validation. This vulnerability is described across multiple sources (Red Hat, CNVD, CVE records, OSV, CNVD) with a high impact (C, I, A) and n...
PT-2022-6559 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2022 Description: The issue is related to a SQL injection vulnerability in the ZZCMS system, specifically in the admin/sendmailto.php component. This vulnerability arises from the lack of protection against SQL query structure...