Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zzcms
(Zzcms)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 91 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-09-22 | CVE-2022-40443 | An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. | Zzcms | 5.3 | ||
2022-09-22 | CVE-2022-40444 | ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. | Zzcms | 5.3 | ||
2022-09-22 | CVE-2022-40446 | ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=. | Zzcms | 7.2 | ||
2022-09-22 | CVE-2022-40447 | ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php. | Zzcms | 7.2 | ||
2024-09-04 | CVE-2024-44819 | Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component. | Zzcms | 6.1 | ||
2020-12-18 | CVE-2020-20285 | There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php | Zzcms | 5.4 | ||
2021-01-11 | CVE-2020-23630 | A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). | Zzcms | 8.8 | ||
2021-04-08 | CVE-2020-23426 | zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. | Zzcms | 9.8 | ||
2021-05-13 | CVE-2020-21342 | Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. | Zzcms | 7.5 | ||
2021-06-03 | CVE-2020-35973 | An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php. | Zzcms | 5.4 |