Product:

Zzcms

(Zzcms)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 91
Date Id Summary Products Score Patch Annotated
2022-09-22 CVE-2022-40443 An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. Zzcms 5.3
2022-09-22 CVE-2022-40444 ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. Zzcms 5.3
2022-09-22 CVE-2022-40446 ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=. Zzcms 7.2
2022-09-22 CVE-2022-40447 ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php. Zzcms 7.2
2024-09-04 CVE-2024-44819 Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component. Zzcms 6.1
2020-12-18 CVE-2020-20285 There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php Zzcms 5.4
2021-01-11 CVE-2020-23630 A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). Zzcms 8.8
2021-04-08 CVE-2020-23426 zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. Zzcms 9.8
2021-05-13 CVE-2020-21342 Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. Zzcms 7.5
2021-06-03 CVE-2020-35973 An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php. Zzcms 5.4