CVE-2019-16720: Malicious File Upload
First published: Mon Sep 23 2019(Updated: )
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ZZZCMS zzzphp | =1.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-16720?
CVE-2019-16720 is a vulnerability in ZZZCMS zzzphp v1.7.2 that allows unrestricted file upload in the controller.php file of the ueditor plugin.
How does CVE-2019-16720 affect ZZZCMS zzzphp?
CVE-2019-16720 allows an attacker to upload malicious files such as .htaccess or .php5 files to the news folder, potentially leading to remote code execution or arbitrary file access.
What is the severity of CVE-2019-16720?
CVE-2019-16720 has a severity rating of 7.5 (High).
How can I fix CVE-2019-16720?
To fix CVE-2019-16720, update ZZZCMS zzzphp to version 1.7.3 or later, which includes a patch for this vulnerability.
Where can I find more information about CVE-2019-16720?
You can find more information about CVE-2019-16720 at the following reference: http://www.iwantacve.cn/index.php/archives/333/
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/zzzcms
- canonical/zzzcms zzzphp
- version/zzzcms zzzphp/1.7.2