VYPR

Zzcms

by Zzcms

CVEs (110)

  • CVE-2024-44819 (Sep 4, 2024)
    risk 0.00 cvss epss 0.00

    Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component.

  • CVE-2024-7927 (Aug 19, 2024)
    risk 0.00 cvss epss 0.01

    A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the file /admin/class.php?dowhat=modifyclass. The manipulation of the argument skin[] leads to path traversal. The attack can be launched remotely. The…

  • CVE-2024-7926 (Aug 19, 2024)
    risk 0.00 cvss epss 0.01

    A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit.php?action=modify. The manipulation of the argument skin leads to path traversal. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2024-7925 (Aug 19, 2024)
    risk 0.00 cvss epss 0.01

    A vulnerability was found in ZZCMS 2023. It has been rated as problematic. This issue affects some unknown processing of the file 3/E_bak5.1/upload/eginfo.php. The manipulation of the argument phome with the input ShowPHPInfo leads to information disclosure. The attack may be…

  • CVE-2024-7924 (Aug 19, 2024)
    risk 0.00 cvss epss 0.01

    A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/list.php. The manipulation of the argument skin leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the…

  • CVE-2024-43009 (Aug 16, 2024)
    risk 0.00 cvss epss 0.00

    A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this…

  • CVE-2024-43011 (Aug 16, 2024)
    risk 0.00 cvss epss 0.01

    An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to…

  • CVE-2024-43005 (Aug 16, 2024)
    risk 0.00 cvss epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

  • CVE-2024-43006 (Aug 16, 2024)
    risk 0.00 cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious JavaScript code in the…

  • CVE-2023-50104 (Dec 28, 2023)
    risk 0.00 cvss epss 0.01

    ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code.

  • CVE-2023-45555 (Oct 24, 2023)
    risk 0.00 cvss epss 0.01

    File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file.

  • CVE-2023-45909 (Oct 18, 2023)
    risk 0.00 cvss epss 0.00

    zzzcms v2.2.0 was discovered to contain an open redirect vulnerability.

  • CVE-2023-5582 (Oct 14, 2023)
    risk 0.00 cvss epss 0.01

    A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has…

  • CVE-2023-5263 (Sep 29, 2023)
    risk 0.00 cvss epss 0.01

    A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The…

  • CVE-2023-36162 (Jul 3, 2023)
    risk 0.00 cvss epss 0.00

    Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php.

  • CVE-2022-44361 (Dec 7, 2022)
    risk 0.00 cvss epss 0.00

    An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.

  • CVE-2022-40447 (Sep 22, 2022)
    risk 0.00 cvss epss 0.01

    ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.

  • CVE-2022-40446 (Sep 22, 2022)
    risk 0.00 cvss epss 0.01

    ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.

  • CVE-2022-40444 (Sep 22, 2022)
    risk 0.00 cvss epss 0.01

    ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.

  • CVE-2019-12352 (Jun 17, 2022)
    risk 0.00 cvss epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie.
