CVE-2019-12352

Name of the Vulnerable Software and Affected Versions zzcms version 2019

Description An issue was discovered in zzcms, where there is a SQL injection vulnerability in the /dl/dl sendmail.php endpoint when the attacker has dls print authority. This vulnerability can be exploited via the dlid cookie.

Recommendations For zzcms version 2019, as a temporary workaround, consider restricting access to the /dl/dl sendmail.php endpoint to minimize the risk of exploitation. Avoid using the dlid cookie in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.