CVE-2025-0565

Name of the Vulnerable Software and Affected Versions ZZCMS version 2023

Description A critical issue has been found in the software, specifically a SQL injection flaw. This issue is related to the manipulation of the id argument in the "/index.php" file, allowing for remote attacks. The exploit for this issue has been publicly disclosed and is available for use.

Recommendations As a temporary workaround, consider restricting access to the "/index.php" file until a patch is available. Avoid using the id argument in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.