CVE-2019-9078

Name of the Vulnerable Software and Affected Versions zzcms version 2019

Description The issue concerns a security problem where an attacker can execute arbitrary code. This is possible due to the lack of proper input validation in the ask.php file when the do parameter is set to modify. Specifically, the inc/stopsqlin.php script fails to block mixed-case strings, such as sCrIpT, allowing for potential exploitation.

Recommendations For zzcms version 2019, consider restricting access to the ask.php file, specifically when the do parameter is set to modify, until a proper fix is applied. As a temporary workaround, ensure that all input to the ask.php file is thoroughly validated to prevent malicious code execution.