Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zzcms zzcms 2018 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-1000653
zzcms version 8.3 and previous versions contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx.
Zzcms Zzcms
446
VMScore
CVE-2018-14961
dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter.
Zzcms Zzcms 8.3
312
VMScore
CVE-2018-14962
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.
Zzcms Zzcms 8.3.
605
VMScore
CVE-2018-14963
zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI.
Zzcms Zzcms 8.3.
668
VMScore
CVE-2018-13116
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.
Zzcms Zzcms 8.3.
570
VMScore
CVE-2018-13056
An issue exists on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.3
570
VMScore
CVE-2018-9331
An issue exists in zzcms 8.2. user/adv.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
445
VMScore
CVE-2018-9309
An issue exists in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request.
Zzcms Zzcms 8.2
570
VMScore
CVE-2018-8965
An issue exists in zzcms 8.2. user/ppsave.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
668
VMScore
CVE-2018-8967
An issue exists in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.
Zzcms Zzcms 8.2
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »