Critical severity9.8NVD Advisory· Published Apr 10, 2022· Updated Jun 17, 2026
CVE-2022-27128
CVE-2022-27128
Description
An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.
Affected products
2- zbzcms/zbzcmsdescription
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.