CVE-2024-10291 | ZZCMS 2023 phome.php Ebak_DoExecSQL/Ebak_DotranExecutSQL phome sql injection

Inserito da Angelo Barbosa | Ott 23, 2024 | CVE

A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Ebak_DotranExecutSQL of the file 3/Ebak5.1/upload/phome.php. The manipulation of the argument phome leads to sql injection.

This vulnerability was named CVE-2024-10291. The attack can be initiated remotely. Furthermore, there is an exploit available.

CVE-2024-10291 | ZZCMS 2023 phome.php Ebak_DoExecSQL/Ebak_DotranExecutSQL phome sql injection

Post correlati

CVE-2024-32000 | matrix-appservice-irc prior 2.0.0 Message insufficient permissions or privileges

CVE-2023-40356 | Ping Identity PingOne MFA Integration Kit up to 2.3.0 authentication spoofing

CVE-2024-3119 | irontec sngrep up to 1.8.0 SIP Header sip.c strncpy Call-ID/X-Call-ID buffer overflow

CVE-2024-48042 | Supsystic Contact Form Plugin up to 1.7.28 on WordPress special elements used in a template engine