Sign in Subscribe

← All vendors

Vendor

Zzcms

Products

1

CVEs

8

Across products

8

Status

Private

Products

1

Zzcms
8 CVEs

Recent CVEs

8

CVE	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2025-13171	Med	0.41	6.3	0.00		Nov 14, 2025	A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such manipulation of the argument keyword leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
CVE-2025-14837	Med	0.31	4.7	0.00		Dec 18, 2025	A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-14836	Low	0.18	2.7	0.00		Dec 17, 2025	A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2019-1010153		0.00	—	0.00		Jul 23, 2019	zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sql inject. The component is: zs/subzs.php.
CVE-2019-1010152		0.00	—	0.00		Jul 23, 2019	zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80.
CVE-2019-1010150		0.00	—	0.01		Jul 23, 2019	zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php.
CVE-2019-1010149		0.00	—	0.01		Jul 23, 2019	zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php.
CVE-2019-1010148		0.00	—	0.01		Jul 23, 2019	zzcms version 8.3 and earlier is affected by: SQL Injection. The impact is: zzcms File Delete to Code Execution.