CVE-2021-40280: SQL Injection
First published: Thu Dec 09 2021(Updated: )
An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Zzcms Zzcms | =8.2 | |
| Zzcms Zzcms | =8.3 | |
| Zzcms Zzcms | =2020 | |
| Zzcms Zzcms | =2021 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-40280.
What is the severity of CVE-2021-40280?
The severity of CVE-2021-40280 is high (7.2).
Which software versions are affected by CVE-2021-40280?
CVE-2021-40280 affects zzcms versions 8.2, 8.3, 2020, and 2021.
How does the SQL Injection occur in zzcms?
The SQL Injection vulnerability in zzcms 8.2, 8.3, 2020, and 2021 occurs via the id parameter in the admin/dl_sendmail.php file.
Is there a fix available for CVE-2021-40280?
Currently, there is no known fix available for CVE-2021-40280. It is recommended to apply any security patches or updates provided by the vendor.
- collector/nvd-index
- agent/author
- agent/references
- agent/severity
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/zzcms
- canonical/zzcms zzcms
- version/zzcms zzcms/8.2
- version/zzcms zzcms/8.3
- version/zzcms zzcms/2020
- version/zzcms zzcms/2021