VYPR

Zzcms

by Zzcms

CVEs (110)

  • CVE-2019-12353 Jun 17, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter.

  • CVE-2019-12354 Jun 17, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter.

  • CVE-2019-12355 Jun 17, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter.

  • CVE-2019-12356 Jun 17, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter.

  • CVE-2019-12357 Jun 17, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter.

  • CVE-2019-12358 Jun 17, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie.

  • CVE-2019-12359 Jun 17, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter.

  • CVE-2019-12350 Jun 2, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.

  • CVE-2019-12349 Jun 2, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter.

  • CVE-2019-12351 Jun 2, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.

  • CVE-2022-28521 Apr 26, 2022
    risk 0.00 cvss epss 0.02

    ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config.

  • CVE-2021-46437 Apr 8, 2022
    risk 0.00 cvss epss 0.00

    An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.

  • CVE-2021-46436 Apr 8, 2022
    risk 0.00 cvss epss 0.01

    An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.

  • CVE-2021-45347 Feb 14, 2022
    risk 0.00 cvss epss 0.01

    An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.

  • CVE-2021-45286 Feb 9, 2022
    risk 0.00 cvss epss 0.02

    Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.

  • CVE-2021-42945 Dec 15, 2021
    risk 0.00 cvss epss 0.01

    A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.

  • CVE-2020-19042 Dec 13, 2021
    risk 0.00 cvss epss 0.01

    A Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 via a modify action in user/adv.php.

  • CVE-2020-19683 Dec 9, 2021
    risk 0.00 cvss epss 0.01

    A Cross Site Scripting (XSS) vulnerability exists in ZZZCMS V1.7.1 via an editfile action in save.php.

  • CVE-2020-19682 Dec 9, 2021
    risk 0.00 cvss epss 0.01

    A Cross Site Request Forgery (CSRF) vulnerability exists in ZZZCMS V1.7.1 via the save_user function in save.php.

  • CVE-2021-40282 Dec 9, 2021
    risk 0.00 cvss epss 0.01

    An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php when registering ordinary users.
