PT-2019-15138 · Zzcms · Zzcms

Published: 2019-10-14 · Updated: 2021-07-21 · CVE-2019-17408

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ZZZCMS zzzphp version 1.7.3

Description

The issue allows remote attackers to execute arbitrary code. This is possible because the danger_key function can be bypassed via manipulations such as strtr.

Recommendations

For ZZZCMS zzzphp version 1.7.3, consider disabling parserIfLabel in inc/zzz_template.php until a patch is available. Restrict access to the danger_key function to minimize the risk of exploitation. Avoid using manipulations such as strtr in the affected code until the issue is resolved.

Exploit

Fix

Code Injection


Weakness Enumeration

Related identifiers

CVE-2019-17408

Affected products

Zzcms