PT-2021-10425 · Zzcms · Zzcms

Published

2021-10-14

Updated

2021-10-19

CVE-2020-19959

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: zz cms version 2019

Description: A SQL injection issue allows attackers to retrieve sensitive data via the dlid parameter in the "/dl/dl sendmail.php" page cookie.

Recommendations: For zz cms version 2019, consider restricting access to the "/dl/dl sendmail.php" page or disabling the use of the dlid parameter in the cookie until a patch is available. Avoid using the dlid parameter in the affected page to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-19959

Affected Products

Zzcms

PT-2021-10425 · Zzcms · Zzcms

CVE-2020-19959

Weakness Enumeration

Related Identifiers

Affected Products

References · 4