Vulnerabilities > Zzzcms > Zzzphp > 1.6.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-11 | CVE-2021-32605 | OS Command Injection vulnerability in Zzzcms Zzzphp zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | 9.8 |
2019-03-30 | CVE-2019-10647 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms Zzzphp 1.6.3 ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. | 9.8 |