CVE-2019-9041
First published: Sat Feb 23 2019(Updated: )
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ZZZCMS zzzphp | =1.6.1 | |
| =1.6.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2019-9041.
What is the severity level of CVE-2019-9041?
CVE-2019-9041 has a severity level of 7.2 (high).
How can the vulnerability be exploited?
The vulnerability can be exploited by executing PHP code through the if:assert substring.
Which version of ZZZCMS zzzphp is affected by this vulnerability?
Version 1.6.1 of ZZZCMS zzzphp is affected by this vulnerability.
Is there a fix available for this vulnerability?
No specific fix information is provided for this vulnerability. It is recommended to update to a patched version or apply necessary security measures.
- collector/nvd-index
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/zzzcms
- canonical/zzzcms zzzphp
- version/zzzcms zzzphp/1.6.1