Vulnerabilities > Zzzcms > Zzzphp > 1.7.3

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2021-32605 | OS Command Injection vulnerability in Zzzcms Zzzphp. zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. (zzzcms, CWE-78) | network; low complexity; critical; 9.8 |
| 2019-10-14 | CVE-2019-17408 | Code Injection vulnerability in Zzzcms Zzzphp 1.7.3. parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. (zzzcms, CWE-94) | network; low complexity; critical; 9.8 |