
ZZCMS V8.3 SQL injection in /user/zs_elite.php line 48 via id parameter

Vulnerability CMS and version

zzcms v8.3 Download link:

Triggering conditions

Log in to access the zs_elite.php page

Vulnerability details

In /user/zs_elite.php, line 48, the value of the id parameter is read from the $_REQUEST superglobal, which can bypass the CMS security filtering. The value is then carried to line 118 of /user/zs_elite.php, where it is placed into the SQL statement that is executed, resulting in SQL injection.

POC

' union select 1,'test',user(),4,5%23&page=1
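How a request filter can miss $_REQUEST, and a hardened lookup for the id parameter, as an added example (not zzcms code and not part of the original advisory). The filter function, the demo_items table and the in-memory SQLite database are assumptions made for illustration; $_GET and $_REQUEST are filled by hand because the script runs from the CLI.

```php
<?php
// Added illustration, not zzcms code. Function, table and column names are hypothetical.

// Constructed request. At request start PHP fills $_GET and $_REQUEST as
// separate arrays; that is simulated here so the script runs from the CLI.
$raw = "1' union select 1,'test',user(),4,5#";   // constructed: id value in the style of the POC, URL-decoded
$_GET     = ['id' => $raw, 'page' => '1'];
$_REQUEST = ['id' => $raw, 'page' => '1'];

// Hypothetical global filter of the kind the advisory describes: it escapes
// $_GET (and would do the same for $_POST/$_COOKIE) but never touches $_REQUEST.
function filter_globals(): void {
    foreach ($_GET as $k => $v) {
        $_GET[$k] = addslashes($v);
    }
}
filter_globals();

// Compare the two copies of the same parameter after filtering.
echo "\$_GET['id']     after filter: {$_GET['id']}\n";
echo "\$_REQUEST['id'] after filter: {$_REQUEST['id']}\n";

// Hardened lookup: accept only a positive integer, then bind it as a parameter
// so the value never becomes part of the SQL text.
function find_row(PDO $db, $id): ?array {
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;   // not a positive integer: reject before touching the database
    }
    $stmt = $db->prepare('SELECT id, title FROM demo_items WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// In-memory SQLite stands in for the CMS database (assumption, for offline running).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_items (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO demo_items (id, title) VALUES (1, 'first')");

var_dump(find_row($db, $_REQUEST['id']));   // unfiltered value taken from $_REQUEST
var_dump(find_row($db, '1'));               // well-formed id
```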
