Zzzphp@1.7.2 Security Vulnerabilities and Issues — Zzzphp@1.7.2 CVE List

Lucene search

ZzzcmsZzzphp1.7.2

2 matches found

CVE•added 2019/09/23 2:15 p.m.•39 views

CVE-2019-16720

ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file.

7.5CVSS7.5AI score0.00282EPSS

CVE•added 2019/09/23 2:15 p.m.•37 views

CVE-2019-16722

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation.

9.8CVSS9.5AI score0.03559EPSS