CVE-2020-19822

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: ZZCMS version 2018

Description: A remote code execution issue in the template user.php file allows attackers to execute arbitrary PHP code. This is achieved via the ml and title parameters.

Recommendations: For ZZCMS version 2018, consider restricting access to the template user.php file until a patch is available. As a temporary workaround, avoid using the ml and title parameters in the affected template.

Exploit

Fix

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

CVE-2020-19822

Affected Products

Zzcms

CVE-2020-19822

Weakness Enumeration

Related Identifiers

Affected Products

References · 5