PT-2023-29571 · Zzcms · Zzcms

Published: 2023-10-24 · Updated: 2024-09-11 · CVE-2023-45554

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: zzzCMS version 2.1.9

Description: The issue allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg, gif, and png to jpg, jpeg, gif, png, pphphp. This enables the attacker to potentially upload malicious files.

Recommendations: For zzzCMS version 2.1.9, consider restricting the imageext parameter to only allow jpg, jpeg, gif, and png file types until a patch is available. As a temporary workaround, restrict access to the file upload functionality to minimize the risk of exploitation.


Weakness Enumeration: Unrestricted File Upload

Related Identifiers: CVE-2023-45554

Affected Products: Zzcms