CVE-2020-19961: SQL Injection
First published: Thu Oct 14 2021(Updated: )
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zzcms Zzcms | =2019 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SQL injection vulnerability?
The vulnerability ID for this SQL injection vulnerability is CVE-2020-19961.
What is the severity level of CVE-2020-19961?
The severity level of CVE-2020-19961 is high (7.5).
Which version of zz cms is affected by CVE-2020-19961?
CVE-2020-19961 affects zz cms version 2019.
How can attackers exploit CVE-2020-19961?
Attackers can exploit CVE-2020-19961 by using a SQL injection technique to retrieve sensitive data via the component subzs.php.
Are there any references related to CVE-2020-19961?
Yes, there are references available. Please check the following links: [ZZCMS official website](http://zzcms.com), [ZZCMS GitHub repository](https://github.com/forget-code/zzcms), [ZZCMS 2019 SQL injection vulnerability details](https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20subzs.php.md).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- agent/source
- vendor/zzcms
- canonical/zzcms zzcms
- version/zzcms zzcms/2019