An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.Referenceshttps://github.com/cby234/zzcms/issues/1
