PT-2018-14653 · Zzcms · Zzcms
Publicado
2018-10-29
·
Atualizado
2018-12-04
·
CVE-2018-18789
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
zzcms version 8.3
Description
An issue exists in zzcms where SQL Injection is possible. This occurs via the Host HTTP header to the
/zt/news.php endpoint from zt/top.php.Recommendations
For zzcms version 8.3, consider restricting access to the
/zt/news.php endpoint to minimize the risk of exploitation until a patch is available. Avoid using user-supplied input in the Host HTTP header to prevent SQL Injection attacks.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Zzcms