A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24877
Reference (s):
- https://github.com/h4ckdepy/zzzphp/issues/1