Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zzcms zzcms vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2018-8968
An issue exists in zzcms 8.2. user/manage.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
5
CVSSv2
CVE-2020-19957
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows malicious users to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.
Zzcms Zzcms 2019
5
CVSSv2
CVE-2020-19959
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows malicious users to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.
Zzcms Zzcms 2019
5
CVSSv2
CVE-2020-19960
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows malicious users to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.
Zzcms Zzcms 2019
6.5
CVSSv2
CVE-2020-19822
A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows malicious users to execute arbitrary PHP code via the "ml" and "title" parameters.
Zzcms Zzcms 2018
5
CVSSv2
CVE-2020-19961
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows malicious users to retrieve sensitive data via the component subzs.php.
Zzcms Zzcms 2019
7.5
CVSSv2
CVE-2018-18791
An issue exists in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
Zzcms Zzcms 8.3
3.5
CVSSv2
CVE-2020-20285
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php
Zzcms Zzcms 2019
7.5
CVSSv2
CVE-2018-17136
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.
Zzcms Zzcms 8.3
6.4
CVSSv2
CVE-2019-8411
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote malicious users to delete arbitrary files via action=del&filename=../ directory traversal.
Zzcms Zzcms 2018
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »