21 matches found
EUVD-2019-7269
Malware in sbrugna...
EUVD-2019-2448
Malware in sbrugna...
CVE-2021-32605
zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block...
CVE-2022-23881
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via dangerkey at zzztemplate.php...
ZZZCMS zzzphp Security Vulnerability
ZZZCMS zzzphp is a content management system (CMS). A security vulnerability exists in ZZZCMS zzzphp version v2.1.0, which stems from incomplete filtering of user-entered parameters by the dangerkey function in zzztemplate.php...
CVE-2021-32605
zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block...
CVE-2021-32605
zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block...
ZZZCMS zzzphp SQL Injection Vulnerability
ZZZCMS zzzphp is a content management system (CMS). A security vulnerability exists in ZZZCMS zzzphp version 1.7.1, which allows remote attackers to exploit the vulnerability to execute arbitrary code...
CVE-2020-18717
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzztemplate.php...
CVE-2020-18717
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzztemplate.php...
CVE-2020-18717
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzztemplate.php...
CVE-2019-16720
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file...
CVE-2019-16722
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation...
ZZZCMS zzzphp input validation error vulnerability
ZZZCMS zzzphp is a content management system (CMS). An input validation error vulnerability exists in ZZZCMS zzzphp v1.7.2, which can be exploited by an attacker to execute arbitrary code...
ZZZCMS zzzphp code injection vulnerability
ZZZCMS zzzphp is a content management system (CMS). A code injection vulnerability exists in ZZZCMS zzzphp v1.6.3, which originates from a network system or product that does not properly filter specific elements of externally entered data during the construction of a code segment. An attacker can...
CVE-2019-9182
There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter...
ZZZCMS zzzphp Cross-Site Request Forgery Vulnerability
ZZZCMS zzzphp is a content management system (CMS). A cross-site request forgery vulnerability exists in ZZZCMS zzzphp version V1.6.1. A remote attacker can exploit this vulnerability to inject PHP code with the help of the 'file' and 'filetext' parameters...
zzzcms zzzphp dynamic code execution vulnerability
zzzcms zzzphp is a content management system (CMS). A security vulnerability exists in version V1.6.1 of zzzcms zzzphp, which stems from a lax filtering of search template parsing on the search page. An attacker can exploit this vulnerability to execute PHP code...
Code injection
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzztemplate.php file, the parserIfLabel function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring...
CVE-2019-9041
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzztemplate.php file, the parserIfLabel function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring...