PT-2019-14794 · Zzz · Zzcms

Published: 2019-09-23 · Updated: 2021-07-21 · CVE-2019-16722

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ZZZCMS zzzphp version 1.7.2

Description

The issue is related to an insufficient protection mechanism against PHP code execution. Specifically, the passthru function bypasses a str_ireplace operation that is intended to prevent certain types of attacks.

Recommendations

For ZZZCMS zzzphp version 1.7.2, consider disabling the passthru function as a temporary workaround until a patch is available. Restrict access to any modules or functions that use passthru to minimize the risk of exploitation.

Related identifiers

CVE-2019-16722

Affected products

Zzcms