Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zzcms zzcms vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-35973
An issue exists in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php.
Zzcms Zzcms 2020
570
VMScore
CVE-2018-8965
An issue exists in zzcms 8.2. user/ppsave.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
445
VMScore
CVE-2018-8966
An issue exists in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
Zzcms Zzcms 8.2
668
VMScore
CVE-2018-8967
An issue exists in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.
Zzcms Zzcms 8.2
570
VMScore
CVE-2018-8968
An issue exists in zzcms 8.2. user/manage.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
570
VMScore
CVE-2018-8969
An issue exists in zzcms 8.2. user/licence_save.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
668
VMScore
CVE-2018-13116
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.
Zzcms Zzcms 8.3.
445
VMScore
CVE-2018-7434
zzcms 8.2 allows remote malicious users to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.
Zzcms Zzcms 8.2
NA
CVE-2022-40443
An absolute path traversal vulnerability in ZZCMS 2022 allows malicious users to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.
Zzcms Zzcms 2022
NA
CVE-2022-40444
ZZCMS 2022 exists to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.
Zzcms Zzcms 2022
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »