Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zzzphp
(Zzzcms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 14 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-10-18 | CVE-2023-45909 | zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. | Zzzphp | 6.1 | ||
| 2022-03-23 | CVE-2022-23881 | ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. | Zzzphp | 9.8 | ||
| 2019-02-24 | CVE-2019-9082 | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | Open_source_background_management_system, Thinkphp, Zzzphp | 8.8 | ||
| 2019-02-23 | CVE-2019-9041 | An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. | Zzzphp | 7.2 | ||
| 2019-09-23 | CVE-2019-16722 | ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | Zzzphp | 9.8 | ||
| 2019-10-14 | CVE-2019-17408 | parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. | Zzzphp | 9.8 | ||
| 2020-12-18 | CVE-2020-20298 | Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | Zzzphp | 9.8 | ||
| 2021-05-11 | CVE-2021-32605 | zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | Zzzphp | 9.8 | ||
| 2021-03-15 | CVE-2020-24877 | A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass. | Zzzphp | 9.8 | ||
| 2021-02-05 | CVE-2020-18717 | SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. | Zzzphp | 9.8 |