VYPR

Zzcms

by Zzcms

CVEs (110)

  • CVE-2019-8411Feb 17, 2019
    risk 0.00cvss epss 0.03

    admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.

  • CVE-2018-18784Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)

  • CVE-2018-18785Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.

  • CVE-2018-18790Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)

  • CVE-2018-18792Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.

  • CVE-2018-18786Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.

  • CVE-2018-18787Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.

  • CVE-2018-18791Oct 29, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.

  • CVE-2018-18788Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)

  • CVE-2018-18789Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.

Page 6 of 6