CVE-2019-17408
CRITICAL
ZZZCMS zzzphp 1.7.3 - Remote Code Execution via Template Parser Bypass
parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr.
References (1)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/Tardis07/CVE_GO/blob/master/zzzphp_code_execution_v1.7.3.md
Scores
CVSS v3
9.8
EPSS
0.0369
EPSS Percentile
88.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
zzzcms/zzzphp
1.7.3
Published
Oct 14, 2019
Tracked Since
Feb 18, 2026