An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.
Published May 24, 2021.
Zzcms Zzcms
