zzcms vulnerabilities and exploits

6.5
MEDIUM
CVE-2018-17414

zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter....

6.5
MEDIUM
CVE-2018-17416

A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter....

4.3
MEDIUM
CVE-2018-17413

XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter....

7.5
HIGH
CVE-2018-17412

zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header....

6.5
MEDIUM
CVE-2018-17415

zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter....

3.5
LOW
CVE-2019-9078

zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT....

6.4
MEDIUM
CVE-2019-8411

admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal....

7.5
HIGH
CVE-2018-18789

An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php....

6.5
MEDIUM
CVE-2018-18784

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)...

6.5
MEDIUM
CVE-2018-18790

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)...