| Titolo | zzcms 2023 COMMAND EXECUTION |
|---|
| Descrizione | When $phome=="DoExecutSQL" is set in the file 3/Ebak5.1/upload/phome.php, any SQL statement can be executed, and a Trojan can be written to the website root directory, causing fatal exploitation by GETSHELL. |
|---|
| Fonte | ⚠️ https://github.com/LvZCh/zzcms2023/issues/3 |
|---|
| Utente | LVZC (UID 74910) |
|---|
| Sottomissione | 20/10/2024 10:45 (2 anni fa) |
|---|
| Moderazione | 23/10/2024 09:52 (3 days later) |
|---|
| Stato | Accettato |
|---|
| Voce VulDB | 281560 [ZZCMS 2023 phome.php Ebak_DoExecSQL/Ebak_DotranExecutSQL phome iniezione SQL] |
|---|
| Punti | 17 |
|---|