zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block.
CVSS Score
9.8
EPSS Score
0.219
Published
2021-05-11
A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-03-15