PT-2018-14653 · Zzcms · Zzcms
Published
2018-10-29
·
Updated
2018-12-04
·
CVE-2018-18789
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
zzcms version 8.3
Description
An issue exists in zzcms where SQL Injection is possible. This occurs via the Host HTTP header to the
/zt/news.php endpoint from zt/top.php.Recommendations
For zzcms version 8.3, consider restricting access to the
/zt/news.php endpoint to minimize the risk of exploitation until a patch is available. Avoid using user-supplied input in the Host HTTP header to prevent SQL Injection attacks.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zzcms