PT-2019-15138 · Zzcms · Zzcms
Published
2019-10-14
·
Updated
2021-07-21
·
CVE-2019-17408
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ZZZCMS zzzphp version 1.7.3
Description
The issue allows remote attackers to execute arbitrary code. This is possible because the
danger key function can be bypassed via manipulations such as strtr.Recommendations
For ZZZCMS zzzphp version 1.7.3, consider disabling the
parserIfLabel in inc/zzz template.php until a patch is available. Restrict access to the danger key function to minimize the risk of exploitation. Avoid using manipulations such as strtr in the affected code until the issue is resolved.Exploit
Fix
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zzcms