Submit #427101: zzcms 2023 COMMAND EXECUTIONinfo

Titlezzcms 2023 COMMAND EXECUTION
DescriptionWhen $phome=="DoExecutSQL" is set in the file 3/Ebak5.1/upload/phome.php, any SQL statement can be executed, and a Trojan can be written to the website root directory, causing fatal exploitation by GETSHELL.
Source⚠️ https://github.com/LvZCh/zzcms2023/issues/3
User
 LVZC (UID 74910)
Submission10/20/2024 10:45 (2 years ago)
Moderation10/23/2024 09:52 (3 days later)
StatusAccepted
VulDB entry281560 [ZZCMS 2023 phome.php Ebak_DoExecSQL/Ebak_DotranExecutSQL phome sql injection]
Points17

PreviousOverviewNext

Interested in the pricing of exploits?

See the underground prices here!