exploitDog

CVE-2020-19960

Опубликовано: 14 окт. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.

Ссылки

https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_sendsms.php.md
Exploit
Third Party Advisory
https://github.com/zhuxianjin/vuln_repo/blob/master/zzcms2019%20SQL%20injection%20vulnerability%20in%20dl_sendsms.php.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zzcms:zzcms:2019:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00403

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-2v3v-rhww-4g3j

github

больше 3 лет назад

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.

EPSS

Процентиль: 60%

0.00403

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-89