| Titel | zzcms 2023 COMMAND EXECUTION |
|---|
| Beschreibung | When $phome=="DoExecutSQL" is set in the file 3/Ebak5.1/upload/phome.php, any SQL statement can be executed, and a Trojan can be written to the website root directory, causing fatal exploitation by GETSHELL. |
|---|
| Quelle | ⚠️ https://github.com/LvZCh/zzcms2023/issues/3 |
|---|
| Benutzer | LVZC (UID 74910) |
|---|
| Einreichung | 20.10.2024 10:45 (vor 2 Jahren) |
|---|
| Moderieren | 23.10.2024 09:52 (3 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 281560 [ZZCMS 2023 phome.php Ebak_DoExecSQL/Ebak_DotranExecutSQL phome SQL Injection] |
|---|
| Punkte | 17 |
|---|