PT-2021-10427 · Zzcms · Zzcms

Published

2021-10-14

Updated

2021-10-19

CVE-2020-19961

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: zz cms version 2019

Description: A SQL injection issue has been found that allows attackers to retrieve sensitive data via the component subzs.php.

Recommendations: For zz cms version 2019, consider restricting access to the subzs.php component until a fix is available. As a temporary workaround, review and modify the component to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-19961

Affected Products

Zzcms

PT-2021-10427 · Zzcms · Zzcms

CVE-2020-19961

Weakness Enumeration

Related Identifiers

Affected Products

References · 6