Zzcms
by Zzcms
CVEs (110)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8411 | 0.00 | — | 0.03 | Feb 17, 2019 | admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. | |||
| CVE-2018-18784 | 0.00 | — | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) | |||
| CVE-2018-18785 | 0.00 | — | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. | |||
| CVE-2018-18790 | 0.00 | — | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) | |||
| CVE-2018-18792 | 0.00 | — | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. | |||
| CVE-2018-18786 | 0.00 | — | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. | |||
| CVE-2018-18787 | 0.00 | — | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. | |||
| CVE-2018-18791 | 0.00 | — | 0.02 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. | |||
| CVE-2018-18788 | 0.00 | — | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) | |||
| CVE-2018-18789 | 0.00 | — | 0.01 | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. |
- CVE-2019-8411Feb 17, 2019risk 0.00cvss —epss 0.03
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.
- CVE-2018-18784Oct 29, 2018risk 0.00cvss —epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)
- CVE-2018-18785Oct 29, 2018risk 0.00cvss —epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.
- CVE-2018-18790Oct 29, 2018risk 0.00cvss —epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)
- CVE-2018-18792Oct 29, 2018risk 0.00cvss —epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
- CVE-2018-18786Oct 29, 2018risk 0.00cvss —epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
- CVE-2018-18787Oct 29, 2018risk 0.00cvss —epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
- CVE-2018-18791Oct 29, 2018risk 0.00cvss —epss 0.02
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
- CVE-2018-18788Oct 29, 2018risk 0.00cvss —epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)
- CVE-2018-18789Oct 29, 2018risk 0.00cvss —epss 0.01
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
Page 6 of 6