Vulnerabilities > Zzzcms > Zzzphp > 1.5.8

DATE CVE VULNERABILITY TITLE RISK
2021-05-11 CVE-2021-32605 OS Command Injection vulnerability in Zzzcms Zzzphp
zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block.
network
low complexity
zzzcms CWE-78
critical
 9.8
9.8
2018-12-13 CVE-2018-20127 Improper Input Validation vulnerability in Zzzcms Zzzphp 1.5.8
An issue was discovered in zzzphp cms 1.5.8.
network
low complexity
zzzcms CWE-20
7.5
7.5