CVE-2020-20298: Code Injection
First published: Fri Dec 18 2020(Updated: )
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ZZZCMS zzzphp | =1.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-20298.
What is the severity level of CVE-2020-20298?
CVE-2020-20298 has a severity level classified as critical.
What is the affected software version of CVE-2020-20298?
The affected software version of CVE-2020-20298 is zzzphp 1.7.2.
How does CVE-2020-20298 allow remote attackers to execute arbitrary commands?
CVE-2020-20298 allows remote attackers to execute arbitrary commands through an eval injection vulnerability in the parserCommon method in the ParserTemplate class in zzz_template.php.
Is there a fix available for CVE-2020-20298?
Yes, it is recommended to update zzzphp to a version that addresses CVE-2020-20298.
- collector/nvd-index
- agent/weakness
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zzzcms
- canonical/zzzcms zzzphp
- version/zzzcms zzzphp/1.7.2