CVE-2019-12358

Name of the Vulnerable Software and Affected Versions zzcms version 2019

Description An issue was discovered in zzcms, where there is a SQL injection vulnerability in the /dl/dl sendsms.php endpoint when the attacker has dls print authority, via the dlid cookie.

Recommendations For zzcms version 2019, as a temporary workaround, consider restricting access to the /dl/dl sendsms.php endpoint until a patch is available. Additionally, limit the use of the dlid cookie to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.