SQL Injection Vulnerability in zzcms Admin Interface
CVE-2019-12353

7.2HIGH

Key Information:

Vendor

Zzcms

Status
Zzcms
Vendor
CVE Published:
17 June 2022

What is CVE-2019-12353?

A SQL injection vulnerability exists in the zzcms 2019 application specifically affecting the admin interface. This issue is triggered through the dl_sendmail.php file when an attacker with admin privileges manipulates the 'id' parameter. Successful exploitation could allow an attacker to execute arbitrary SQL queries, potentially leading to unauthorized access to sensitive data or administrative functions.

References

https://github.com/cby234/zzcms/issues/5
x_refsource_MISC

CVSS V3.1

Score:
7.2
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.