ZZCMS v8.3 SQL injection in /user/jobmanage.php via bigclass parameter
ZZCMS 8.3 download link: http://www.zzcms.net/about/6.htm
By default, the ZZCMS framework applies security filtering to $_GET and $_POST request parameters via the addslashes() function. However, in /user/jobmanage.php (lines 42-47) the bigclass parameter is read from the $_REQUEST superglobal, which bypasses the ZZCMS security filtering and leads to SQL injection.
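The following is an added example, not code from ZZCMS or from this report. It shows why escaping $_GET and $_POST leaves $_REQUEST unfiltered, and a hardened lookup that validates and binds the value. The demo_job table, the function names, the allow-list pattern and the sample value are all assumptions made for illustration.

```php
<?php
// Added example, not ZZCMS code. Table, column and function names are hypothetical.

// Constructed request state: PHP builds $_GET and $_REQUEST as separate arrays,
// so both start out holding the same raw value.
$_GET     = ['bigclass' => "sales'dept"];
$_REQUEST = ['bigclass' => "sales'dept"];

// Stand-in for a global filter that only covers $_GET and $_POST.
function escape_all(array $in): array {
    return array_map(fn($v) => is_array($v) ? escape_all($v) : addslashes((string) $v), $in);
}
$_GET  = escape_all($_GET);
$_POST = escape_all($_POST ?? []);

// $_REQUEST was not touched by the filter, so it still differs from $_GET.
$gap = $_REQUEST['bigclass'] !== $_GET['bigclass'];
echo 'unfiltered copy left in $_REQUEST: ', var_export($gap, true), PHP_EOL;

// Hardened lookup: validate against an allow-list (character set is an assumption)
// and bind the value, so query safety does not depend on a global filter.
function find_jobs(PDO $db, string $bigclass): array {
    if (!preg_match('/^[\p{L}\p{N}_ -]{1,50}$/u', $bigclass)) {
        return [];
    }
    $stmt = $db->prepare('SELECT id, title FROM demo_job WHERE bigclass = :bigclass');
    $stmt->execute([':bigclass' => $bigclass]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// In-memory SQLite database with one constructed row, so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE demo_job (id INTEGER PRIMARY KEY, title TEXT, bigclass TEXT)');
$db->exec("INSERT INTO demo_job (title, bigclass) VALUES ('Account manager', 'sales')");

echo 'rows for raw request value: ', count(find_jobs($db, $_REQUEST['bigclass'])), PHP_EOL;
echo 'rows for valid value: ', count(find_jobs($db, 'sales')), PHP_EOL;
```

The example needs PHP 7.4 or later with the pdo_sqlite extension; the same bind-and-validate pattern applies to a MySQL connection.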
Vulnerability trigger condition
The SQL injection vulnerability is triggered when a logged-in user visits user/jobmanage.php.