PT-2019-11962 · Zzcms · Zzcms

Kyrie403 · Published 2019-03-30 · Updated 2019-04-01 · CVE-2019-10647

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ZZZCMS zzzphp version 1.6.3

Description: The issue allows remote attackers to execute arbitrary PHP code via a .php URL supplied in the source[] parameter of the "plugins/ueditor/php/controller.php?action=catchimage" API endpoint, because inc/zzz_file.php places no restriction on the extension of the fetched file. It can be exploited by providing a URL such as "http://192.168.0.1/test.php" when the web server at 192.168.0.1 does not interpret .php files and instead returns their contents verbatim.

Recommendations: For ZZZCMS zzzphp version 1.6.3, restrict access to the "plugins/ueditor/php/controller.php?action=catchimage" API endpoint and limit the use of the source[] parameter until a patch is available. Additionally, ensure that any web server used in conjunction with this software interprets .php files correctly to prevent exploitation.
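The following is a constructed example of a hardened "catch remote image" handler, added here to show the checks whose absence the description attributes to the catchimage endpoint. It is not zzzphp's code and not the vendor's fix; only the source[] parameter name comes from the advisory, and every function name, the allowlists, the size limit and the upload directory are assumptions. The point it demonstrates is that the extension of the stored file is derived from the verified content of the response, never from the URL the caller supplied.

```php
<?php
// Constructed illustration of a hardened remote-image fetch (not zzzphp's code).
// Assumptions: handler name, allowlists, limits and upload directory are invented.

const ALLOWED_EXT  = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
const ALLOWED_MIME = ['image/jpeg' => 'jpg', 'image/png' => 'png',
                      'image/gif'  => 'gif', 'image/webp' => 'webp'];
const MAX_BYTES    = 5 * 1024 * 1024;

// Validate a user-supplied URL before anything is fetched; null means reject.
function validate_source_url(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) return null;
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) return null;
    // Refuse loopback, private and reserved ranges so the fetcher cannot be used as an SSRF relay.
    $ip = gethostbyname($parts['host']);
    if (filter_var($ip, FILTER_VALIDATE_IP,
                   FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) return null;
    // The extension in the URL is only a hint; a .php URL is rejected here outright.
    $ext = strtolower(pathinfo($parts['path'] ?? '', PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) return null;
    return $url;
}

// Fetch the URL and return [bytes, extension] only when the body really is an image.
function fetch_image(string $url): ?array {
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,   // a redirect could point at an internal host
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 15,
        CURLOPT_MAXFILESIZE    => MAX_BYTES,
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($body === false || $status !== 200 || strlen($body) > MAX_BYTES) return null;

    // Decide the type from the bytes, never from the URL or the Content-Type header.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->buffer($body);
    if (!isset(ALLOWED_MIME[$mime])) return null;
    // Parse the image header too, so a file that only carries an image magic number is rejected.
    if (@getimagesizefromstring($body) === false) return null;
    return [$body, ALLOWED_MIME[$mime]];
}

// Store under a random server-chosen name; the extension comes from the verified MIME type.
function store_image(string $bytes, string $ext, string $dir): string {
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    $path = rtrim($dir, '/') . '/' . $name;
    file_put_contents($path, $bytes, LOCK_EX);
    return $path;
}

// Handler for a source[] array parameter, as the advisory describes for catchimage.
function handle_catchimage(array $sources, string $uploadDir): array {
    $results = [];
    foreach ($sources as $url) {
        $safeUrl = validate_source_url((string) $url);
        if ($safeUrl === null) {
            $results[] = ['source' => $url, 'state' => 'rejected'];
            continue;
        }
        $img = fetch_image($safeUrl);
        if ($img === null) {
            $results[] = ['source' => $url, 'state' => 'not an image'];
            continue;
        }
        [$bytes, $ext] = $img;
        $results[] = ['source' => $url, 'state' => 'SUCCESS',
                      'url'    => store_image($bytes, $ext, $uploadDir)];
    }
    return $results;
}

if (PHP_SAPI !== 'cli') {
    header('Content-Type: application/json');
    echo json_encode(handle_catchimage($_POST['source'] ?? [], __DIR__ . '/uploads'));
}
```

Two design notes. First, the URL extension check alone would not be enough: a server can return PHP source under a .jpg path, so the stored extension is taken from the MIME type detected on the bytes, and the upload directory should in any case be served with script execution disabled. Second, the host check resolves the name once and cURL resolves it again, so a rebinding DNS answer can still slip an internal address past it; pinning the resolved address into the request (for example with CURLOPT_RESOLVE) closes that gap.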

Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2019-10647

Affected Products: Zzcms