CVE-2021-40279

Name of the Vulnerable Software and Affected Versions zzcms versions 8.2 through 8.3 zzcms version 2020 zzcms version 2021

Description An SQL Injection issue exists via the id parameter in the "admin/bad.php" endpoint. This allows for potential exploitation.

Recommendations For zzcms versions 8.2 through 8.3, consider restricting access to the "admin/bad.php" endpoint until a fix is available. For zzcms version 2020, avoid using the id parameter in the affected endpoint until the issue is resolved. For zzcms version 2021, restrict access to the vulnerable module associated with the "admin/bad.php" endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.