CVE-2019-12357

Name of the Vulnerable Software and Affected Versions zzcms version 2019

Description An issue was discovered in zzcms, where there is a SQL injection vulnerability in the /admin/deluser.php endpoint when the attacker has admin authority, via the id parameter.

Recommendations For zzcms version 2019, as a temporary workaround, consider restricting access to the /admin/deluser.php endpoint or validating and sanitizing the id parameter to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.