NotCVE - vendor:"Zzzcms" product:"Zzzphp" version:"1.8.0"

2 results (0.009 seconds)

CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1

CVE-2021-32605

https://notcve.org/view.php?id=CVE-2021-32605

11 May 2021 — zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. zzzcms zzzphp versiones anteriores a 2.0.4, permite a atacantes remotos ejecutar comandos arbitrarios del Sistema Operativo al colocarlos en el parámetro keys de un URI ?location=search, como es demostrado por un comando del Sistema Operativo dentro de un bloque "if" "end if" • http://www.zzzcms.com/a/news/31_282_1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2020-24877

https://notcve.org/view.php?id=CVE-2020-24877

15 Mar 2021 — A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass. Una vulnerabilidad de inyección SQL en zzzphp versión v1.8.0, por medio de /form/index.php?module=getjson puede conllevar a una posible omisión de restricción de acceso • https://github.com/h4ckdepy/zzzphp/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •