CVE-2020-18717

Name of the Vulnerable Software and Affected Versions: ZZZCMS zzzphp version 1.7.1

Description: The issue allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz template.php. This enables attackers to inject SQL code, potentially leading to unauthorized access or data manipulation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited.

Recommendations: For ZZZCMS zzzphp version 1.7.1, consider disabling the inc/zzz template.php file or restricting access to it until a patch is available. Additionally, ensure proper parameter filtering is implemented to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.