CyberSec.Space Logo
Back to CVE Browser

CVE-2020-18717

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1730%
EPSS Percentile41.56th
PublishedFeb 5, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.

Affected Platforms (CPE)

📦
Zzzcms

Zzzphp

= 1.7.1

References & Advisories

🔗 https://www.seebug.org/vuldb/ssvid-98031
🔗 https://www.seebug.org/vuldb/ssvid-98031

Related Vulnerabilities

CVE-2019-174089.8

parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_...

CVE-2019-106479.8

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.ph...

CVE-2019-167229.8

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplac...

CVE-2020-202989.8

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows rem...