CVE-2021-42945

Name of the Vulnerable Software and Affected Versions ZZCMS 2021

Description A SQL Injection issue exists due to inadequate protection of the SQL query structure when handling the askbigclassid parameter. This allows a remote attacker to execute arbitrary SQL queries via the /admin/ask.php API endpoint.

Recommendations For ZZCMS 2021, as a temporary workaround, consider restricting access to the /admin/ask.php API endpoint until a patch is available. Avoid using the askbigclassid parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.