VYPR

ZKEACMS

by ZKEACMS

CVEs (3)

  • CVE-2025-52239CriAug 4, 2025
    risk 0.64cvss 9.8epss 0.00

    An arbitrary file upload vulnerability in ZKEACMS v4.1 allows attackers to execute arbitrary code via a crafted file.

  • CVE-2020-20670HigSep 13, 2021
    risk 0.57cvss 8.8epss 0.02

    An arbitrary file upload vulnerability in /admin/media/upload of ZKEACMS V3.2.0 allows attackers to execute arbitrary code via a crafted HTML file.

  • CVE-2025-10471MedSep 15, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in ZKEACMS 4.3. Impacted is the function Proxy of the file src/ZKEACMS/Controllers/MediaController.cs. Performing manipulation of the argument url results in server-side request forgery. It is possible to initiate the attack remotely. The exploit is…