Vulnerabilities > Zzzcms > Zzzphp > 1.8.0

DATE CVE VULNERABILITY TITLE RISK
2021-05-11 CVE-2021-32605 OS Command Injection vulnerability in Zzzcms Zzzphp
zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block.
network
low complexity
zzzcms CWE-78
critical
9.8
2021-03-15 CVE-2020-24877 SQL Injection vulnerability in Zzzcms Zzzphp 1.8.0
A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
network
low complexity
zzzcms CWE-89
critical
9.8