Vendor CVEs
Zzcms
All CVEs
120 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-1010150 | | | 0.00 | — | 0.02 | | Jul 23, 2019 | zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php. |
| CVE-2019-1010149 | | | 0.00 | — | 0.02 | | Jul 23, 2019 | zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php. |
| CVE-2019-1010148 | | | 0.00 | — | 0.02 | | Jul 23, 2019 | zzcms version 8.3 and earlier is affected by: SQL Injection. The impact is: zzcms File Delete to Code Execution. |
| CVE-2019-1010151 | | | 0.00 | — | 0.02 | | Jul 19, 2019 | zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php. |
| CVE-2018-17416 | | | 0.00 | — | 0.01 | | Mar 7, 2019 | A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. |
| CVE-2018-17415 | | | 0.00 | — | 0.01 | | Mar 7, 2019 | zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. |
| CVE-2018-17412 | | | 0.00 | — | 0.02 | | Mar 7, 2019 | zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. |
| CVE-2018-17413 | | | 0.00 | — | 0.01 | | Mar 7, 2019 | XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. |
| CVE-2019-9182 | | | 0.00 | — | 0.01 | | Feb 26, 2019 | There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter. |
| CVE-2019-9078 | | | 0.00 | — | 0.01 | | Feb 24, 2019 | zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. |
| CVE-2019-8411 | | | 0.00 | — | 0.03 | | Feb 17, 2019 | admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. |
| CVE-2018-18785 | | | 0.00 | — | 0.01 | | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. |
| CVE-2018-18788 | | | 0.00 | — | 0.01 | | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) |
| CVE-2018-18784 | | | 0.00 | — | 0.01 | | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) |
| CVE-2018-18787 | | | 0.00 | — | 0.01 | | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. |
| CVE-2018-18790 | | | 0.00 | — | 0.01 | | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) |
| CVE-2018-18791 | | | 0.00 | — | 0.02 | | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. |
| CVE-2018-18789 | | | 0.00 | — | 0.01 | | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. |
| CVE-2018-18792 | | | 0.00 | — | 0.01 | | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. |
| CVE-2018-18786 | | | 0.00 | — | 0.01 | | Oct 29, 2018 | An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. |