Security for everyone

CVE-2019-9041 Scanner

Detects a 'Code Injection' vulnerability in ZZZCMS that affects v. 1.6.1.


Short Info

Level: High
Type: Single Scan
Can be used by: Asset Owner
Estimated Time: 15 sec
Scan only one: Url

Parent Category

CVE-2019-9041 Scanner Detail

ZZZCMS is a content management system used for building and managing websites. It is written in PHP and, just like other CMSs, it allows developers to create web pages without having to write all the code from scratch. This fully-featured, open-source CMS provides admin panels, templates, and various plugins, making it easy to use by both developers and non-technical users.

However, a vulnerability identified as CVE-2019-9041 has been discovered in ZZZCMS's zzzphp V1.6.1. It resides in the inc/zzz_template.php file, where the filtering in the parserIfLabel() function is not strict. As a result, PHP code can be executed, allowing attackers to take control of the website and access sensitive data.

If exploited, the vulnerability can do more harm than just causing website data breaches. Attackers can use it to deploy malware on the website, redirect visitors to malicious sites, or even launch DDoS attacks. Furthermore, this vulnerability highlights how crucial it is to maintain updated and secure versions of CMSs.

As a platform that promotes digital asset security, securityforeveryone.com can help you learn about vulnerabilities in your digital assets, including your ZZZCMS website. With pro features, you can get a comprehensive report on your website's vulnerabilities and how to resolve them. By leveraging such tools and services, you can protect your digital assets from potential vulnerabilities and improve your website's overall security posture. 

 
