Thinkphp · Thinkphp · CVE-2019-9082
**Name of the Vulnerable Software and Affected Versions**
ThinkPHP versions prior to 3.2.4
Open Source BMS version 1.1.1
zzzcms
zzzphp
**Description**
A flaw exists in ThinkPHP related to improper handling of code generation when backslashes (`\`) are used as delimiters in the controller name. This can allow a remote attacker to execute arbitrary commands. The issue involves the `public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=` API endpoint, where the `vars[1][]` parameter is used to inject and execute commands; the `call_user_func_array` function is involved in the execution process. This issue has been actively exploited.
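Because this request pattern is distinctive, it is straightforward to hunt for in web-server access logs. The following is an added example, not part of this advisory or of the ThinkPHP project: a small Python scanner that parses Apache "combined" log lines, decodes the `s` routing parameter (covering both the raw `\think\app` form and the URL-encoded `%5Cthink%5Capp` form), and flags requests that combine `invokefunction` with `call_user_func_array` or with a command-execution sink in `vars[0]`. The log lines, IP addresses and timestamps are constructed for the example; the list of sink function names is an assumption chosen for triage, not from the advisory.

```python
"""Flag access-log lines matching the CVE-2019-9082 request pattern.

Added example for defenders; the sample log lines below are constructed,
not real traffic, and the SINKS set is an assumed triage list.
"""
import re
from urllib.parse import parse_qs

# Constructed sample lines in Apache "combined" format. The first two mimic
# the advisory's endpoint (one URL-encoded, one with literal backslashes);
# the last two are ordinary ThinkPHP routes and must not be flagged.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2019:08:15:02 +0000] "GET /public/?s=index/%5Cthink%5Capp/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=id HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2019:08:15:03 +0000] "GET /public//?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=-1 HTTP/1.1" 200 4096 "-" "python-requests/2.21"
198.51.100.7 - - [10/Jan/2019:08:16:10 +0000] "GET /public/?s=index/user/login HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2019:08:17:44 +0000] "POST /public/index.php?s=index/index/index HTTP/1.1" 200 300 "-" "curl/7.64"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# The routing value that reaches the vulnerable dispatcher.
INVOKE_RE = re.compile(r"invokefunction", re.IGNORECASE)

# Assumed triage list of PHP functions an attacker would name in vars[0].
SINKS = {"system", "exec", "shell_exec", "passthru", "phpinfo"}


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify_request(target):
    """Describe the CVE-2019-9082 pattern in a request target, or None if benign.

    parse_qs percent-decodes the query, so %5C and a literal backslash in the
    controller name both end up as '\\' before the route is inspected.
    keep_blank_values matters because the advisory's form ends in 'vars[1][]='.
    """
    if "?" not in target:
        return None
    query = target.split("?", 1)[1]
    params = parse_qs(query, keep_blank_values=True)

    route = params.get("s", [""])[0]
    if not INVOKE_RE.search(route):
        return None

    dispatcher = params.get("function", [""])[0].lower()
    sink = params.get("vars[0]", [""])[0].lower()
    if dispatcher != "call_user_func_array" and sink not in SINKS:
        return None

    return {
        "route": route,
        "dispatcher": dispatcher,
        "sink": sink,
        "args": params.get("vars[1][]", []),  # what would be passed to the sink
    }


def scan_log(text):
    """Scan a whole log body and return one finding per suspicious request."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        finding = classify_request(entry["target"])
        if finding:
            hits.append({
                "ip": entry["ip"],
                "time": entry["ts"],
                "status": int(entry["status"]),  # a 200 here deserves a closer look
                **finding,
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The HTTP status is kept in each finding because a `200` response to one of these requests on an unpatched host is a much stronger signal than a `404` from a scanner probing a site that does not run ThinkPHP at all.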
**Recommendations**
Versions prior to 3.2.4 should be updated to version 3.2.4 or later.
For Open Source BMS version 1.1.1, update to a newer, patched version.
For zzzcms and zzzphp, update to a newer, patched version.