NotCVE - vendor:"Zzzcms" product:"Zzzphp" version:"

Page 2 of 12 results (0.023 seconds)

CVSS: 7.2EPSS: 4%CPEs: 1EXPL: 2

CVE-2019-9041 – zzzphp CMS 1.6.1 - Remote Code Execution

https://notcve.org/view.php?id=CVE-2019-9041

23 Feb 2019 — An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. Se ha descubierto un problema en ZZZCMS zzzphp V1.6.1. En el archivo inc/zzz_template.php, el filtrado de la función parserIfLabel() no es estricto, lo que resulta en la ejecución de código PHP, tal y como queda demostrado por la subcadena if:assert. ZZZPHP CMS version 1.6.1 suffers from a remot... • https://packetstorm.news/files/id/151824 • CWE-917: Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2018-20127

https://notcve.org/view.php?id=CVE-2018-20127

13 Dec 2018 — An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds. Se ha descubierto un problema en zzzphp cms 1.5.8. del_file en /admin/save.php permite que atacantes remotos eliminen archivos arbitrarios mediante una extensión con mayúsculas y minúsculas y un carácter "." extra. Esto se debe a que, por ejemplo, "php" se bloquea, ... • http://www.iwantacve.cn/index.php/archives/89 • CWE-20: Improper Input Validation •

1 2