Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zzzcms zzzphp 1.6.1 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2019-9041
An issue exists in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
Zzzcms Zzzphp 1.6.1
1 EDB exploit
8.8
CVSSv3
CVE-2019-9182
There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter.
Zzzcms Zzzphp 1.6.1
8.8
CVSSv3
CVE-2019-9082
ThinkPHP prior to 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
Thinkphp Thinkphp
Opensourcebms Open Source Background Management System 1.1.1
Zzzcms Zzzphp 1.6.1
1 EDB exploit
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started