Lz1Y

Name of the Vulnerable Software and Affected Versions: zzcms versions 8.3 and earlier Description: The issue affects the /user/zssave.php component, allowing for file deletion to code execution, which can lead to getshell impact. Recommendations: For zzcms versions 8.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: zzcms versions 8.3 and earlier Description: The issue affects zzcms, allowing for SQL Injection, which can lead to zzcms file deletion and potentially code execution. Recommendations: For zzcms versions 8.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: zzcms versions 8.3 and earlier Description: The issue concerns a File Delete to Code Execution problem. It affects the `user/licence save.php` component. Recommendations: For zzcms versions 8.3 and earlier, update to a version later than 8.3 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: zzcms versions 8.3 and earlier Description: The issue affects the user/manage.php component, specifically lines 31-80, and can lead to code execution through file deletion, resulting in a potential getshell impact. Recommendations: For zzcms versions 8.3 and earlier, consider restricting access to the user/manage.php file until a patch is available. As a temporary workaround, avoid using the file deletion functionality in the affected component to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: zzcms versions 8.3 and earlier Description: The issue affects the zs/subzs.php component and is related to SQL Injection, which can lead to sql inject impact. Recommendations: For zzcms versions 8.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: zzcms versions 8.3 and earlier Description: The issue affects the /user/ppsave.php component, allowing File Delete to getshell, which can lead to getshell. Recommendations: For zzcms versions 8.3 and earlier, consider restricting access to the /user/ppsave.php component until a fix is available. As a temporary workaround, avoid using the vulnerable component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** zzcms versions 8.3 and earlier **Description** The issue is related to a SQL Injection vulnerability in the zt/top.php file at line 5. This vulnerability can be exploited when running zzcms in nginx, potentially allowing an attack via SQL injection. **Recommendations** For zzcms versions 8.3 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.