CVE-2020-23426: CSRF
First published: Thu Apr 08 2021(Updated: )
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zzcms Zzcms | =201910 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of zzcms?
The vulnerability ID of zzcms is CVE-2020-23426.
What is the severity level of CVE-2020-23426?
The severity level of CVE-2020-23426 is critical.
How does the zzcms access control vulnerability in /user/adv.php work?
The zzcms access control vulnerability in /user/adv.php allows an attacker to escalate privileges and modify data for further attacks like CSRF.
How can an attacker exploit the zzcms access control vulnerability?
An attacker can exploit the zzcms access control vulnerability by escalating privileges in /user/adv.php and modifying data for attacks such as CSRF.
Where can I find more information about the zzcms vulnerability?
You can find more information about the zzcms vulnerability at the following link: [GitHub - zzcms-vuln](https://github.com/Ling-Yizhou/zzcms-vuln/blob/master/Privilege%20Escalation/priviege%20escalation.md)
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/references
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- vendor/zzcms
- canonical/zzcms zzcms
- version/zzcms zzcms/201910