Share:

CVE-2019-17408 - Zzcms Zzcms

October 14, 2019

Critical 9.8

parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr.

Affected software

Zzcms Zzcms

Reference links

https://github.com/Tardis07/CVE_GO/blob/master/zzzphp_code_execution_v1.7.3.md

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.