Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zzcms zzcms vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-19960
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows malicious users to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.
Zzcms Zzcms 2019
445
VMScore
CVE-2020-19961
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows malicious users to retrieve sensitive data via the component subzs.php.
Zzcms Zzcms 2019
668
VMScore
CVE-2021-42945
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
Zzcms Zzcms 2021
445
VMScore
CVE-2021-45347
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
Zzcms Zzcms 8.2
570
VMScore
CVE-2018-8965
An issue exists in zzcms 8.2. user/ppsave.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
445
VMScore
CVE-2018-8966
An issue exists in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
Zzcms Zzcms 8.2
668
VMScore
CVE-2018-8967
An issue exists in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.
Zzcms Zzcms 8.2
570
VMScore
CVE-2018-8968
An issue exists in zzcms 8.2. user/manage.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
570
VMScore
CVE-2018-8969
An issue exists in zzcms 8.2. user/licence_save.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
570
VMScore
CVE-2019-8411
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote malicious users to delete arbitrary files via action=del&filename=../ directory traversal.
Zzcms Zzcms 2018
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5324
path traversal
CVE-2024-4743
CVE-2024-5184
TCP
CVE-2024-27822
code injection
CVE-2024-28995
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
NEXT »