CVE-2024-10291

Name of the Vulnerable Software and Affected Versions ZZCMS version 2023

Description A critical issue has been found, affecting the function Ebak DoExecSQL/Ebak DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipulation of the phome argument leads to SQL injection. The attack can be initiated remotely.

Recommendations For ZZCMS version 2023, as a temporary workaround, consider restricting access to the vulnerable function Ebak DoExecSQL/Ebak DotranExecutSQL until a patch is available. Avoid using the phome argument in the affected file 3/Ebak5.1/upload/phome.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.