exploitDog

CVE-2025-22957

Опубликовано: 31 янв. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain unauthorized access to the database and extract sensitive information.

Ссылки

http://www.zzcms.net/
Broken Link
Product
https://github.com/youyouiooi/vulnerability-reports/blob/main/CVE-2025-22957/REANDE.md
Broken Link
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:zzcms:zzcms:*:*:*:*:*:*:*:*

Версия до 2023 (включая)

EPSS

Процентиль: 58%

0.00362

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-pmc3-v8x7-chwc

CVSS3: 9.8

github

около 1 года назад

A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain unauthorized access to the database and extract sensitive information.

EPSS

Процентиль: 58%

0.00362

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89