CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-19959

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_sendmail.php.md
https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_sendmail.php.md

Products affected by CVE-2020-19959

Zzcms » Zzcms » Version: 2019

cpe:2.3:a:zzcms:zzcms:2019

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-19959

Products

Pricing

Contact Us