Zzzphp@1.6.1 Security Vulnerabilities and Issues — Zzzphp@1.6.1 CVE List

Lucene search

ZzzcmsZzzphp1.6.1

3 matches found

CVE•added 2019/02/24 6:29 p.m.•1187 views

CVE-2019-9082

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

9.3CVSS8.7AI score0.94149EPSS

CVE•added 2019/02/23 6:29 p.m.•85 views

CVE-2019-9041

An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.

7.2CVSS7.1AI score0.85674EPSS

CVE•added 2019/02/26 7:29 a.m.•28 views

CVE-2019-9182

There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter.

8.8CVSS8.8AI score0.00145EPSS