2019-02-17 20:29:00 2019-02-19 22:29:08

admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.