parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-10-14T11:43:05

Updated: 2024-08-05T01:40:15.248Z

Reserved: 2019-10-09T00:00:00

Link: CVE-2019-17408

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-10-14T12:15:10.200

Modified: 2024-11-21T04:32:16.983

Link: CVE-2019-17408

cve-icon Redhat

No data.