VYPR

Vendor CVEs

Zzcms

All CVEs

120 total · sorted by risk
  • CVE-2019-1010150Jul 23, 2019
    risk 0.00cvss epss 0.02

    zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php.

  • CVE-2019-1010149Jul 23, 2019
    risk 0.00cvss epss 0.02

    zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php.

  • CVE-2019-1010148Jul 23, 2019
    risk 0.00cvss epss 0.02

    zzcms version 8.3 and earlier is affected by: SQL Injection. The impact is: zzcms File Delete to Code Execution.

  • CVE-2019-1010151Jul 19, 2019
    risk 0.00cvss epss 0.02

    zzcms zzmcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php.

  • CVE-2018-17416Mar 7, 2019
    risk 0.00cvss epss 0.01

    A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter.

  • CVE-2018-17415Mar 7, 2019
    risk 0.00cvss epss 0.01

    zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter.

  • CVE-2018-17412Mar 7, 2019
    risk 0.00cvss epss 0.02

    zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.

  • CVE-2018-17413Mar 7, 2019
    risk 0.00cvss epss 0.01

    XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.

  • CVE-2019-9182Feb 26, 2019
    risk 0.00cvss epss 0.01

    There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter.

  • CVE-2019-9078Feb 24, 2019
    risk 0.00cvss epss 0.01

    zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.

  • CVE-2019-8411Feb 17, 2019
    risk 0.00cvss epss 0.03

    admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.

  • CVE-2018-18785Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.

  • CVE-2018-18788Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)

  • CVE-2018-18784Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)

  • CVE-2018-18787Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.

  • CVE-2018-18790Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)

  • CVE-2018-18791Oct 29, 2018
    risk 0.00cvss epss 0.02

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.

  • CVE-2018-18789Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.

  • CVE-2018-18792Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.

  • CVE-2018-18786Oct 29, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.

Page 3 of 3