CVE-2025-22957

CRITICAL

9.8

Descricao

A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authentication. This vulnerability could potentially allow attackers to gain unauthorized access to the database and extract sensitive information.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado1/31/2025

Ultima modificacao4/22/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

zzcms:zzcms

Fraquezas (CWE)

CWE-89

Referencias

http://www.zzcms.net/(cve@mitre.org)

https://github.com/youyouiooi/vulnerability-reports/blob/main/CVE-2025-22957/REANDE.md(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.