An issue exists in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.
zzcms zzcms 2019