Zzcms
by Zzcms
CVEs (110)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-12353 | | | 0.00 | — | 0.01 | | Jun 17, 2022 | An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter. |
| CVE-2019-12354 | | | 0.00 | — | 0.01 | | Jun 17, 2022 | An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter. |
| CVE-2019-12355 | | | 0.00 | — | 0.01 | | Jun 17, 2022 | An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter. |
| CVE-2019-12356 | | | 0.00 | — | 0.01 | | Jun 17, 2022 | An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter. |
| CVE-2019-12357 | | | 0.00 | — | 0.01 | | Jun 17, 2022 | An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter. |
| CVE-2019-12358 | | | 0.00 | — | 0.01 | | Jun 17, 2022 | An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie. |
| CVE-2019-12359 | | | 0.00 | — | 0.01 | | Jun 17, 2022 | An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter. |
| CVE-2019-12350 | | | 0.00 | — | 0.01 | | Jun 2, 2022 | An issue was discovered in zzcms 2019. SQL injection exists in dl/dl_download.php via an id parameter value with a trailing comma. |
| CVE-2019-12349 | | | 0.00 | — | 0.01 | | Jun 2, 2022 | An issue was discovered in zzcms 2019. SQL injection exists in /admin/dl_sendsms.php via the id parameter. |
| CVE-2019-12351 | | | 0.00 | — | 0.01 | | Jun 2, 2022 | An issue was discovered in zzcms 2019. SQL injection exists in dl/dl_print.php via an id parameter value with a trailing comma. |
| CVE-2022-28521 | | | 0.00 | — | 0.02 | | Apr 26, 2022 | ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. |
| CVE-2021-46437 | | | 0.00 | — | 0.00 | | Apr 8, 2022 | An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. |
| CVE-2021-46436 | | | 0.00 | — | 0.01 | | Apr 8, 2022 | An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. |
| CVE-2021-45347 | | | 0.00 | — | 0.01 | | Feb 14, 2022 | An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password. |
| CVE-2021-45286 | | | 0.00 | — | 0.02 | | Feb 9, 2022 | A Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. |
| CVE-2021-42945 | | | 0.00 | — | 0.01 | | Dec 15, 2021 | A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php. |
| CVE-2020-19042 | | | 0.00 | — | 0.01 | | Dec 13, 2021 | A Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 via a modify action in user/adv.php. |
| CVE-2020-19683 | | | 0.00 | — | 0.01 | | Dec 9, 2021 | A Cross Site Scripting (XSS) vulnerability exists in ZZZCMS V1.7.1 via an editfile action in save.php. |
| CVE-2020-19682 | | | 0.00 | — | 0.01 | | Dec 9, 2021 | A Cross Site Request Forgery (CSRF) vulnerability exists in ZZZCMS V1.7.1 via the save_user function in save.php. |
| CVE-2021-40282 | | | 0.00 | — | 0.01 | | Dec 9, 2021 | A SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php when registering ordinary users. |