Unrated severityNVD Advisory· Published Oct 23, 2024· Updated Oct 23, 2024
ZZCMS phome.php Ebak_DotranExecutSQL sql injection
CVE-2024-10291
Description
A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Ebak_DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipulation of the argument phome leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/LvZCh/zzcms2023/issues/3mitreexploitissue-tracking
- vuldb.commitrethird-party-advisory
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
News mentions
0No linked articles in our index yet.