Vulnerabilities > Zzzcms > Zzzphp > 1.7.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-11 | CVE-2021-32605 | OS Command Injection vulnerability in Zzzcms Zzzphp zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | 9.8 |
2020-12-18 | CVE-2020-20298 | Code Injection vulnerability in Zzzcms Zzzphp 1.7.2 Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | 9.8 |
2019-09-23 | CVE-2019-16722 | Unspecified vulnerability in Zzzcms Zzzphp 1.7.2 ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | 9.8 |
2019-09-23 | CVE-2019-16720 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms Zzzphp 1.7.2 ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | 7.5 |