CVE-2020-20298
CVE-2020-20298 affects zzzphp 1.7.2, specifically the zzz_template.php file within the ParserTemplate class. The vulnerability is described as an eval injection in the parserCommom method, enabling remote attackers to execute arbitrary commands. The connected documents provide this exact descript...
ZZZCMS zzzphp injection vulnerability
zzzphp is an open source free website building system. An eval injection vulnerability exists in the parserCommom method of the ParserTemplate class in zzz_template.php in zzzphp 1.7.2. A remote attacker can exploit this vulnerability to execute arbitrary commands...
SQL injection vulnerability exists in zzzphp (CNVD-2020-67552)
zzcms is a free website builder developed in asp language. There is a SQL injection vulnerability in zzzphp, which can be exploited by attackers to obtain sensitive database information...
Logic Flaw Vulnerability in zzzphp V1.7.5
zzzphp is a free website builder developed in PHP. A logic flaw vulnerability exists in zzzphp V1.7.5, which can be exploited by attackers to bypass CAPTCHA validation and gain access to sensitive information on a website...
SQL Injection Vulnerability in zzzphp version 1.7.5
zzzphp is a content management system (CMS). A SQL injection vulnerability exists in zzzphp version 1.7.5, which can be exploited by attackers to obtain sensitive database information...
SQL Injection Vulnerability in zzzphp 1.7.5
zzzphp is a content management system (CMS). A SQL injection vulnerability exists in zzzphp 1.7.5, which can be exploited by attackers to obtain sensitive information from the database...
zzzphp v1.7.5 Command Execution Vulnerability in Backend
zzzphp is a content management system (CMS). A command execution vulnerability exists in the backend of zzzphp v1.7.5, which can be exploited by attackers to execute malicious code...
SQL injection vulnerability in the b*** parameter of the zzzphp sa***.php page
zzzphp is a free, open source CMS and website building system based on PHP and MySQL. A SQL injection vulnerability exists in the b*** parameter of the zzzphp sa***.php page, which an attacker can exploit to obtain sensitive database information...
SQL injection vulnerability in the li*** parameter of the zzzphp sa***.php page
zzzphp is a free, open source website building system based on PHP and MySQL. A SQL injection vulnerability exists in the li*** parameter of the zzzphp sa***.php page, which an attacker can exploit to obtain sensitive database information...
zzzphp V1.7.4 SQL Injection Vulnerability in Backend
zzzphp is a free website builder developed in PHP. zzzphp V1.7.4 suffers from a SQL injection vulnerability in the backend, which can be exploited by attackers to obtain sensitive information...
SQL injection vulnerability in zzzphp sa***.php page
zzzphp is a free website builder developed in PHP. A SQL injection vulnerability exists in the zzzphp sa***.php page, which can be exploited by attackers to obtain sensitive information...
ZZZCMS zzzphp input validation error vulnerability (CNVD-2020-14279)
ZZZCMS zzzphp is a content management system (CMS). An input validation error vulnerability exists in the 'parserIfLabel' function of the inc/zzz_template.php file in ZZZCMS zzzphp version 1.7.3, which can be exploited by a remote attacker to bypass the 'danger_key' function to execute arbitrary cod...
CVE-2019-17408
parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr...
Code injection
parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr...
CVE-2019-17408
Affected software: ZZZCMS zzzphp 1.7.3. The issue is in parserIfLabel within inc/zzz_template.php, where the danger_key function can be bypassed (e.g., via strtr), enabling remote attackers to execute arbitrary code. This is the explicit root cause and consequence stated across multiple sources. ...
CVE-2019-16722
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses a str_ireplace operation...
CVE-2019-16720
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file...
CVE-2019-16722
CVE-2019-16722 affects ZZZCMS zzzphp v1.7.2. The vulnerability arises from an insufficient protection mechanism against PHP Code Execution, where a passthru call bypasses a str_ireplace operation. The connected documents consistently describe this flaw across sources (Red Hat, NVD, CVE registries...