ZZCMS v8.3 SQL injection in /user/jobmanage.php via bigclass parameter

CMS version

zzcms 8.3 Download link:

Vulnerability location

By default, ZZCMS applies a global filter that runs addslashes() over every $_GET and $_POST parameter. However, /user/jobmanage.php (lines 42-47) reads the bigclass parameter from $_REQUEST instead of from $_GET or $_POST. PHP populates $_REQUEST as a separate copy when the request starts, so the escaping applied afterwards to $_GET and $_POST does not propagate to it; the unescaped value reaches the SQL query and allows SQL injection.
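The following is an added illustration of that filtering gap, not ZZCMS source code. It simulates the global addslashes() filter and a page that reads from $_REQUEST, against a hypothetical in-memory SQLite table `job` (the real ZZCMS schema is not shown on this page), and then contrasts the concatenated query with a prepared statement. The request contents are constructed.

```php
<?php
// Added illustration, not ZZCMS source. Reproduces the filtering gap described
// above with a constructed request and a hypothetical in-memory SQLite table.

// Constructed request: what an authenticated user could send as ?bigclass=...
$_GET = ['bigclass' => "1' OR '1'='1"];
// PHP fills $_REQUEST from $_GET/$_POST/$_COOKIE once, at request start.
// The CLI has no real request, so that step is simulated here.
$_REQUEST = $_GET;

// Global filter of the kind the advisory describes: escapes $_GET and $_POST only.
foreach ($_GET as $k => $v)  { $_GET[$k]  = addslashes($v); }
foreach ($_POST as $k => $v) { $_POST[$k] = addslashes($v); }
echo "Filtered \$_GET copy:     " . $_GET['bigclass'] . "\n";
echo "Unfiltered \$_REQUEST copy: " . $_REQUEST['bigclass'] . "\n";

// Hypothetical schema and data (not ZZCMS's real tables).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE job (id INTEGER PRIMARY KEY, bigclass TEXT, title TEXT)');
$db->exec("INSERT INTO job (bigclass, title) VALUES ('1', 'class 1 job'), ('2', 'class 2 job')");

// Vulnerable pattern: bigclass taken from $_REQUEST, which the filter never
// touched, then concatenated straight into the query text.
$bigclass = $_REQUEST['bigclass'];
$vulnSql  = "SELECT id, title FROM job WHERE bigclass='" . $bigclass . "'";
$vulnRows = $db->query($vulnSql)->fetchAll(PDO::FETCH_ASSOC);
echo "Vulnerable query: $vulnSql\n";
echo "Rows returned: " . count($vulnRows) . " (the injected tautology matched every row)\n";

// Fixed pattern: bind the value, so the input can never alter the query structure.
$stmt = $db->prepare('SELECT id, title FROM job WHERE bigclass = :bigclass');
$stmt->execute([':bigclass' => $bigclass]);
$safeRows = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo "Prepared statement rows returned: " . count($safeRows) . " (no class is literally named \"$bigclass\")\n";
```

Run with `php example.php` (needs the pdo_sqlite extension). The concatenated query returns both rows because the payload turns the WHERE clause into a tautology, while the prepared statement returns none. Note that the addslashes() filter on $_GET and $_POST is itself only a weak mitigation (backslash escaping is not charset-aware and is not the escaping function MySQL expects); the durable fix for this file is to stop reading bigclass from $_REQUEST and pass it through a parameterized query.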

Vulnerability trigger condition

The injection is triggered when an authenticated user requests user/jobmanage.php with a crafted bigclass parameter, so exploitation requires a valid user login.
