Vulnerability in N/a

CVE-2019-10647

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. For example, sourc…

EPSS: 0.617 (98.4th percentile) — read the EPSS interpretation.

Affected products

  • N/a — versions n/a

References