| Title | zzcms zzcms2025 Plaintext Password in Configuration File |
|---|---|
| Description | The user data storage module of the zzcms2025 version has a sensitive information plaintext storage vulnerability. When the system registers/saves user information, it does not hash or encrypt the user's password, but stores it directly in plaintext in the database's user table (e.g., the zzcms_user table). If an attacker gains access to the database, they can directly read all user passwords in plaintext, leading to a complete compromise of user accounts. |
| Source | ⚠️ https://note-hxlab.wetolink.com/share/bu2KYevoyBm6 |
| User | airrudder (UID 25092) |
| Submission | 2025-12-10 07:36 AM (6 months ago) |
| Moderation | 2025-12-17 04:49 PM (7 days later) |
| Status | Accepted |
| VulDB entry | 336986 [ZZCMS 2025 User Data Storage /reg/user_save.php information disclosure] |
| Points | 20 |