Description
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
References (3)
Core 3
Core References
Broken Link x_refsource_misc
http://zzcms.com
Product, Third Party Advisory x_refsource_misc
https://github.com/forget-code/zzcms
Exploit, Third Party Advisory x_refsource_misc
https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20subzs.php.md
Scores
CVSS v3
7.5
EPSS
0.0079
EPSS Percentile
73.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (1)
zzcms/zzcms
2019
Published
Oct 14, 2021
Tracked Since
Feb 18, 2026