VYPR
Vendor

zbzcms

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2022-27131CriApr 10, 2022
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2022-27129CriApr 10, 2022
    risk 0.64cvss 9.8epss 0.01

    An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2022-27128CriApr 10, 2022
    risk 0.64cvss 9.8epss 0.01

    An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.

  • CVE-2022-27126CriApr 10, 2022
    risk 0.64cvss 9.8epss 0.01

    zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.

  • CVE-2022-27133CriApr 10, 2022
    risk 0.59cvss 9.1epss 0.01

    zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.

  • CVE-2022-27127MedApr 10, 2022
    risk 0.42cvss 6.5epss 0.01

    zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php.

  • CVE-2022-27125MedApr 10, 2022
    risk 0.40cvss 6.1epss 0.01

    zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php.