VYPR

Vendor CVEs

Zzcms

All CVEs

120 total · sorted by risk
  • CVE-2024-43005 · Aug 16, 2024
    risk 0.00 · cvss · epss 0.00

    A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload.

  • CVE-2024-43011 · Aug 16, 2024
    risk 0.00 · cvss · epss 0.01

    An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficient validation and sanitization of user input for file paths, an attacker can exploit this vulnerability by using directory traversal techniques to…

  • CVE-2024-43009 · Aug 16, 2024
    risk 0.00 · cvss · epss 0.00

    A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The application directly inserts the value of the HTTP_REFERER header into the HTML response without proper sanitization. An attacker can exploit this…

  • CVE-2024-43006 · Aug 16, 2024
    risk 0.00 · cvss · epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit this vulnerability by sending a specially crafted POST request to /user/ask_edit.php?action=add, which includes malicious JavaScript code in the…

  • CVE-2023-50104 · Dec 28, 2023
    risk 0.00 · cvss · epss 0.01

    ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code.

  • CVE-2023-45555 · Oct 24, 2023
    risk 0.00 · cvss · epss 0.01

    File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file.

  • CVE-2023-45909 · Oct 18, 2023
    risk 0.00 · cvss · epss 0.00

    zzzcms v2.2.0 was discovered to contain an open redirect vulnerability.

  • CVE-2023-5582 · Oct 14, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has…

  • CVE-2023-5263 · Sep 29, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The…

  • CVE-2023-36162 · Jul 3, 2023
    risk 0.00 · cvss · epss 0.00

    Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php.

  • CVE-2022-44361 · Dec 7, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.

  • CVE-2022-40447 · Sep 22, 2022
    risk 0.00 · cvss · epss 0.01

    ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.

  • CVE-2022-40446 · Sep 22, 2022
    risk 0.00 · cvss · epss 0.01

    ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.

  • CVE-2022-40444 · Sep 22, 2022
    risk 0.00 · cvss · epss 0.01

    ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.

  • CVE-2019-12352 · Jun 17, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie.

  • CVE-2019-12353 · Jun 17, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter.

  • CVE-2019-12354 · Jun 17, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter.

  • CVE-2019-12355 · Jun 17, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter.

  • CVE-2019-12356 · Jun 17, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter.

  • CVE-2019-12357 · Jun 17, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter.

  • CVE-2019-12358 · Jun 17, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie.

  • CVE-2019-12359 · Jun 17, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in zzcms 2019. There is a SQL injection vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter.

  • CVE-2019-12350 · Jun 2, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.

  • CVE-2019-12349 · Jun 2, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter.

  • CVE-2019-12351 · Jun 2, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.

  • CVE-2022-28521 · Apr 26, 2022
    risk 0.00 · cvss · epss 0.02

    ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config.

  • CVE-2021-46437 · Apr 8, 2022
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.

  • CVE-2021-46436 · Apr 8, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.

  • CVE-2021-45347 · Feb 14, 2022
    risk 0.00 · cvss · epss 0.01

    An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.

  • CVE-2021-45286 · Feb 9, 2022
    risk 0.00 · cvss · epss 0.02

    Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.

  • CVE-2021-42945 · Dec 15, 2021
    risk 0.00 · cvss · epss 0.01

    A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.

  • CVE-2020-19042 · Dec 13, 2021
    risk 0.00 · cvss · epss 0.01

    A Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 via a modify action in user/adv.php.

  • CVE-2020-19683 · Dec 9, 2021
    risk 0.00 · cvss · epss 0.01

    A Cross Site Scripting (XSS) vulnerability exists in ZZZCMS V1.7.1 via an editfile action in save.php.

  • CVE-2020-19682 · Dec 9, 2021
    risk 0.00 · cvss · epss 0.01

    A Cross Site Request Forgery (CSRF) vulnerability exists in ZZZCMS V1.7.1 via the save_user function in save.php.

  • CVE-2021-40282 · Dec 9, 2021
    risk 0.00 · cvss · epss 0.01

    An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php when registering ordinary users.

  • CVE-2021-40281 · Dec 9, 2021
    risk 0.00 · cvss · epss 0.01

    An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.

  • CVE-2021-40280 · Dec 9, 2021
    risk 0.00 · cvss · epss 0.01

    An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.

  • CVE-2021-40279 · Dec 9, 2021
    risk 0.00 · cvss · epss 0.01

    An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.

  • CVE-2020-19957 · Oct 14, 2021
    risk 0.00 · cvss · epss 0.01

    A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.

  • CVE-2020-19961 · Oct 14, 2021
    risk 0.00 · cvss · epss 0.02

    A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.

  • CVE-2020-19822 · Aug 26, 2021
    risk 0.00 · cvss · epss 0.03

    A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters.

  • CVE-2020-21342 · May 13, 2021
    risk 0.00 · cvss · epss 0.01

    An insecure permissions issue in zzcms 201910 allows resetting any user's password via /one/getpassword.php.

  • CVE-2020-23426 · Apr 8, 2021
    risk 0.00 · cvss · epss 0.04

    zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.

  • CVE-2020-24877 · Mar 15, 2021
    risk 0.00 · cvss · epss 0.02

    A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.

  • CVE-2020-20285 · Dec 18, 2020
    risk 0.00 · cvss · epss 0.02

    There is an XSS vulnerability in the user login page in zzcms 2019. Users can inject JS code through the Referer header via user/login.php.

  • CVE-2019-17408 · Oct 14, 2019
    risk 0.00 · cvss · epss 0.04

    parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr.

  • CVE-2019-16722 · Sep 23, 2019
    risk 0.00 · cvss · epss 0.03

    ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation.

  • CVE-2019-16720 · Sep 23, 2019
    risk 0.00 · cvss · epss 0.01

    ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file.

  • CVE-2019-1010153 · Jul 23, 2019
    risk 0.00 · cvss · epss 0.02

    zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sql inject. The component is: zs/subzs.php.

  • CVE-2019-1010152 · Jul 23, 2019
    risk 0.00 · cvss · epss 0.02

    zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80.