CVE-2020-20298

CRITICAL

zzzphp 1.7.2 - Remote Code Execution via ParserTemplate parserCommom Method

Title source: llm
STIX 2.1

Description

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.

References (1)

Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://y4er.com/post/zzzphp-rce/

Scores

CVSS v3 9.8
EPSS 0.0265
EPSS Percentile 83.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-94
Status published
Products (1)
zzzcms/zzzphp 1.7.2
Published Dec 18, 2020
Tracked Since Feb 18, 2026