CVE-2019-9041

Name of the Vulnerable Software and Affected Versions ZZZCMS zzzphp version 1.6.1

Description An issue in the inc/zzz template.php file allows for PHP code execution due to insufficient filtering in the parserIfLabel() function. This can be exploited using specific substrings, such as if:assert.

Recommendations For ZZZCMS zzzphp version 1.6.1, consider disabling the parserIfLabel() function as a temporary workaround until a patch is available. Restrict access to the inc/zzz template.php file to minimize the risk of exploitation. Avoid using the if:assert substring in the affected functionality until the issue is resolved.