Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zzcms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-14962
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.
Zzcms Zzcms 8.3.
9.8
CVSSv3
CVE-2021-42945
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
Zzcms Zzcms 2021
9.8
CVSSv3
CVE-2018-17136
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.
Zzcms Zzcms 8.3
8.8
CVSSv3
CVE-2019-12356
An issue exists in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter.
Zzcms Zzcms 2019
1 Github repository
5.3
CVSSv3
CVE-2018-7434
zzcms 8.2 allows remote malicious users to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.
Zzcms Zzcms 8.2
5.3
CVSSv3
CVE-2021-45286
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.
Zzcms Zzcms 2021
7.5
CVSSv3
CVE-2018-9331
An issue exists in zzcms 8.2. user/adv.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
6.5
CVSSv3
CVE-2018-17797
An issue exists in zzcms 8.3. user/zssave.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.3
6.5
CVSSv3
CVE-2018-17798
An issue exists in zzcms 8.3. user/ztconfig.php allows remote malicious users to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.3
5.4
CVSSv3
CVE-2019-9078
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.
Zzcms Zzcms 2019
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
cross-site scripting
CVE-2024-5158
XML external entity
CVE-2024-4262
CVE-2024-2036
CVE-2024-4985
CVE-2024-21791
remote attackers
CVE-2023-43208
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »