Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zrlog vulnerabilities and exploits
(subscribe to this query)
9.1
CVSSv3
CVE-2020-27514
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote malicious users to delete arbitrary files and cause a denial of service (DoS).
Zrlog Zrlog 2.1.5
6.1
CVSSv3
CVE-2020-21052
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote malicious user to execute arbitrary code via the nickame parameter of the /post/addComment function.
Zrlog Zrlog 2.1.3
9.8
CVSSv3
CVE-2021-44093
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
Zrlog Zrlog 2.2.2
7.8
CVSSv3
CVE-2021-44094
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
Zrlog Zrlog 2.2.2
6.1
CVSSv3
CVE-2020-18066
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.
Zrlog Zrlog 2.1.0
6.1
CVSSv3
CVE-2020-21316
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote malicious users to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.
Zrlog Zrlog 2.1.3
5.7
CVSSv3
CVE-2020-19005
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.
Zrlog Zrlog 2.1.0
5.4
CVSSv3
CVE-2019-16643
An issue exists in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.
Zrlog Zrlog 2.0.1
6.1
CVSSv3
CVE-2018-17079
An issue exists in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.
Zrlog Zrlog 2.0.1
7.2
CVSSv3
CVE-2018-17420
An issue exists in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.
Zrlog Zrlog 2.0.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »