zzzphp CMS 1.6.1 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link:...

zzzphp CMS 1.6.1 Cross Site Request Forgery

Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on:...

zzzphp CMS 1.6.1 - Cross-Site Request Forgery

Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on:...

ZZZPHP CMS 1.6.1 Remote Code Execution

Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on: windows/Linux,iis/apache C...

zzzphp CMS 1.6.1 - Remote Code Execution

zzzphp CMS 1.6.1 - Remote Code Execution Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version:...

zzzphp CMS 1.6.1 - Remote Code Execution

Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on: windows/Linux,iis/apache C...

CVE-2018-20127

An issue was discovered in zzzphp cms 1.5.8. delfile in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because for example "php" is blocked but path=F:/1.phP. succeeds...

Code injection

An issue was discovered in zzzphp cms 1.5.8. delfile in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because for example "php" is blocked but path=F:/1.phP. succeeds...

CVE-2018-20127

zzzphp cms 1.5.8 contains a flaw in the del_file function of /admin/save.php that permits remote deletion of arbitrary files via a mixed-case extension and an extra '.' character (e.g., path=F:/1.phP.). Root cause: improper validation of file extensions and path syntax leads to arbitrary file del...

CVE-2018-20127

An issue was discovered in zzzphp cms 1.5.8. delfile in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because for example "php" is blocked but path=F:/1.phP. succeeds...