Product:

Zzcms

(Zzcms)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 80
Date Id Summary Products Score Patch Annotated
2021-08-26 CVE-2020-19822 A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. Zzcms 7.2
2022-09-22 CVE-2022-40443 An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. Zzcms 5.3
2022-09-22 CVE-2022-40444 ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. Zzcms 5.3
2022-09-22 CVE-2022-40446 ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=. Zzcms 7.2
2022-09-22 CVE-2022-40447 ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php. Zzcms 7.2
2021-12-09 CVE-2021-43703 An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console. Zzcms 9.8
2022-06-17 CVE-2019-12353 An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter. Zzcms 7.2
2022-06-17 CVE-2019-12354 An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter. Zzcms 7.2
2022-06-17 CVE-2019-12355 An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter. Zzcms 8.8
2022-06-17 CVE-2019-12356 An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter. Zzcms 8.8