Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zzcms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2018-1000653
zzcms version 8.3 and previous versions contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx.
Zzcms Zzcms
5.4
CVSSv3
CVE-2020-20285
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php
Zzcms Zzcms 2019
7.5
CVSSv3
CVE-2018-16344
An issue exists in zzcms 8.3. It allows remote malicious users to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.3
9.8
CVSSv3
CVE-2018-14961
dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter.
Zzcms Zzcms 8.3
5.4
CVSSv3
CVE-2018-14962
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.
Zzcms Zzcms 8.3.
8.8
CVSSv3
CVE-2018-14963
zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI.
Zzcms Zzcms 8.3.
7.5
CVSSv3
CVE-2019-8411
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote malicious users to delete arbitrary files via action=del&filename=../ directory traversal.
Zzcms Zzcms 2018
5.4
CVSSv3
CVE-2020-35973
An issue exists in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php.
Zzcms Zzcms 2020
7.5
CVSSv3
CVE-2018-8965
An issue exists in zzcms 8.2. user/ppsave.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
7.5
CVSSv3
CVE-2018-8966
An issue exists in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
Zzcms Zzcms 8.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »