zzcms zzcms 2018 vulnerabilities and exploits

(subscribe to this query)

9.8

CVSSv3

dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter.

Zzcms Zzcms 8.3

5.4

CVSSv3

zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.

Zzcms Zzcms 8.3.

8.8

CVSSv3

zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI.

Zzcms Zzcms 8.3.

9.8

CVSSv3

zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.

Zzcms Zzcms 8.3

6.1

CVSSv3

XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.

Zzcms Zzcms 8.3

8.8

CVSSv3

zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.

Zzcms Zzcms 8.3

8.8

CVSSv3

zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter.

Zzcms Zzcms 8.3

7.5

CVSSv3

An issue exists in zzcms 8.2. user/ppsave.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

Zzcms Zzcms 8.2

7.2

CVSSv3

A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter.

Zzcms Zzcms 8.3

6.5

CVSSv3

An issue exists in zzcms 8.3. user/zssave.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

Zzcms Zzcms 8.3

Get Started

« PREV 1 2 3 4 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook