CVE-2020-19959: SQL Injection
First published: Thu Oct 14 2021(Updated: )
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zzcms Zzcms | =2019 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SQL injection vulnerability?
The vulnerability ID for this SQL injection vulnerability is CVE-2020-19959.
What is the affected software for this vulnerability?
The affected software is zz cms version 2019.
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability by manipulating the dlid parameter in the /dl/dl_sendmail.php page cookie to perform SQL injection attacks and retrieve sensitive data.
What is the severity rating of this vulnerability?
The severity rating of this vulnerability is 7.5 (high).
Is there a fix available for this vulnerability?
Yes, it is recommended to update to a patched version of zz cms that addresses this SQL injection vulnerability.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/event
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/zzcms
- canonical/zzcms zzcms
- version/zzcms zzcms/2019