PT-2019-14794 · Zzz · Zzcms

Published: 2019-09-23 · Updated: 2021-07-21 · CVE-2019-16722

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ZZZCMS zzzphp version 1.7.2

Description

The issue is related to an insufficient protection mechanism against PHP code execution. Specifically, the passthru function bypasses a str_ireplace operation that is intended to prevent certain types of attacks.

Recommendations

For ZZZCMS zzzphp version 1.7.2, consider disabling the passthru function as a temporary workaround until a patch is available. Restrict access to any modules or functions that use passthru to minimize the risk of exploitation.
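
One way to verify the workaround above is to audit the server's php.ini text for the effective `disable_functions` value. This is an added example, not code from the advisory or from zzzphp; the sample ini content is constructed, and checking command-execution functions other than passthru is an assumption that goes beyond what the advisory names.

```python
import re

# PHP built-ins that run OS commands. The advisory names only passthru;
# the others are an assumption added here as its usual companions in a
# disable_functions hardening policy.
COMMAND_FUNCS = ("passthru", "system", "exec", "shell_exec", "popen", "proc_open")

# Constructed sample, not taken from a real zzzphp deployment.
SAMPLE_WEAK = """\
[PHP]
;disable_functions = passthru
disable_functions = system, Exec ,shell_exec
"""
SAMPLE_FIXED = SAMPLE_WEAK + (
    "disable_functions = passthru,system,exec,shell_exec,popen,proc_open\n"
)


def disabled_functions(ini_text):
    """Return the names in the effective disable_functions directive."""
    value = ""
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        m = re.match(r"(?i)disable_functions\s*=\s*(.*)$", line)
        if m:
            # A later directive in the same file overrides an earlier one.
            value = m.group(1).strip().strip('"')
    # PHP function names are case-insensitive, so compare in lower case.
    return {name.strip().lower() for name in value.split(",") if name.strip()}


def audit(ini_text, required=COMMAND_FUNCS):
    """List required functions that the ini text leaves callable."""
    disabled = disabled_functions(ini_text)
    return [f for f in required if f not in disabled]


if __name__ == "__main__":
    for label, text in (("weak", SAMPLE_WEAK), ("fixed", SAMPLE_FIXED)):
        missing = audit(text)
        print(label, "OK" if not missing else "still callable: " + ", ".join(missing))
```

The commented-out line in the weak sample shows why the check parses the directive instead of searching for the string "passthru": the name is present in the file but the function is still enabled.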


Related Identifiers

CVE-2019-16722

Affected Products

Zzcms