ZZCMS V8.3 SQL injection in /user/zs_elite.php line 48 via id parameter

Vulnerability CMS and version

zzcms v8.3 Download link:http://www.zzcms.net/download/zzcms8.3.zip

Triggering conditions

Log in to access the zs_elite.php page

Vulnerability details

in CMS /user/zs_elite.php line 48,id parameter value comes from $_REQUEST function that can bypass cms security filtering. The value of the id parameter is finally brought to line 118 [/user/zs_elite.php], and the final SQL statement is executed, resulting in SQL injection.

POC

http://192.168.30.216/user/zs_elite.php?id=-11' union select 1,'test',user(),4,5%23&page=1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

SQL injection in zs_elite.php.md

SQL injection in zs_elite.php.md

ZZCMS V8.3 SQL injection in /user/zs_elite.php line 48 via id parameter

Vulnerability CMS and version

Triggering conditions

Vulnerability details

POC

Files

SQL injection in zs_elite.php.md

Latest commit

History

SQL injection in zs_elite.php.md

File metadata and controls

ZZCMS V8.3 SQL injection in /user/zs_elite.php line 48 via id parameter

Vulnerability CMS and version

Triggering conditions

Vulnerability details

POC