Enviar #711654: zzcms zzcms2025 Plaintext Password in Configuration Fileinformación

Títulozzcms zzcms2025 Plaintext Password in Configuration File
DescripciónThe user data storage module of the zzcms2025 version has a sensitive information plaintext storage vulnerability. When the system registers/saves user information, it does not hash or encrypt the user's password, but stores it directly in plaintext in the database's user table (e.g., the zzcms_user table). If an attacker gains access to the database, they can directly read all user passwords in plaintext, leading to a complete compromise of user accounts.
Fuente⚠️ https://note-hxlab.wetolink.com/share/bu2KYevoyBm6
Usuario
 airrudder (UID 25092)
Sumisión2025-12-10 07:36 (hace 6 meses)
Moderación2025-12-17 16:49 (7 days later)
EstadoAceptado
Entrada de VulDB336986 [ZZCMS 2025 User Data Storage /reg/user_save.php divulgación de información]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!