Zzcms - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Zzcms
(Zzcms)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	80

Date	Id	Summary	Products	Score	Patch	Annotated
2023-12-29	CVE-2023-50104	ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code.	Zzcms	9.8
2023-09-15	CVE-2023-42398	An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.	Zzcms	9.8
2023-07-03	CVE-2023-36162	Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php.	Zzcms	8.8
2022-12-07	CVE-2022-44361	An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.	Zzcms	5.4
2018-02-24	CVE-2018-7434	zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.	Zzcms	5.3
2018-03-24	CVE-2018-8965	An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.	Zzcms	7.5
2018-03-24	CVE-2018-8966	An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.	Zzcms	7.5
2018-03-24	CVE-2018-8967	An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.	Zzcms	9.8
2018-03-24	CVE-2018-8968	An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.	Zzcms	7.5
2018-03-24	CVE-2018-8969	An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.	Zzcms	7.5