zbzcms
by zbzcms
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-27131 | Cri | 0.64 | 9.8 | 0.01 | Apr 10, 2022 | An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||
| CVE-2022-27129 | Cri | 0.64 | 9.8 | 0.01 | Apr 10, 2022 | An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. | ||
| CVE-2022-27128 | Cri | 0.64 | 9.8 | 0.01 | Apr 10, 2022 | An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts. | ||
| CVE-2022-27126 | Cri | 0.64 | 9.8 | 0.01 | Apr 10, 2022 | zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. | ||
| CVE-2022-27133 | Cri | 0.59 | 9.1 | 0.01 | Apr 10, 2022 | zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php. | ||
| CVE-2022-27127 | Med | 0.42 | 6.5 | 0.01 | Apr 10, 2022 | zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. | ||
| CVE-2022-27125 | Med | 0.40 | 6.1 | 0.01 | Apr 10, 2022 | zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. |
- risk 0.64cvss 9.8epss 0.01
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
- risk 0.64cvss 9.8epss 0.01
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
- risk 0.64cvss 9.8epss 0.01
An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.
- risk 0.64cvss 9.8epss 0.01
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.
- risk 0.59cvss 9.1epss 0.01
zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.
- risk 0.42cvss 6.5epss 0.01
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php.
- risk 0.40cvss 6.1epss 0.01
zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php.