Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zzcms zzcms 2018 vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-17136
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.
Zzcms Zzcms 8.3
5.5
CVSSv2
CVE-2018-17797
An issue exists in zzcms 8.3. user/zssave.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.3
6.4
CVSSv2
CVE-2018-8965
An issue exists in zzcms 8.2. user/ppsave.php allows remote malicious users to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.2
7.5
CVSSv2
CVE-2018-8967
An issue exists in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.
Zzcms Zzcms 8.2
6.4
CVSSv2
CVE-2018-13056
An issue exists on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.3
7.5
CVSSv2
CVE-2018-13116
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.
Zzcms Zzcms 8.3.
5
CVSSv2
CVE-2018-14961
dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter.
Zzcms Zzcms 8.3
3.5
CVSSv2
CVE-2018-14962
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.
Zzcms Zzcms 8.3.
6.8
CVSSv2
CVE-2018-14963
zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI.
Zzcms Zzcms 8.3.
5.5
CVSSv2
CVE-2018-17798
An issue exists in zzcms 8.3. user/ztconfig.php allows remote malicious users to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
Zzcms Zzcms 8.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644
unprivileged
CVE-2024-3494
CVE-2024-22460
CVE-2024-26026
CVE-2024-23473
firewall
CVE-2024-28889
XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »