Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zzcms
(Zzcms)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 80 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-10-14 | CVE-2020-19961 | A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. | Zzcms | 7.5 | ||
2019-07-23 | CVE-2019-1010149 | zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php. | Zzcms | 9.8 | ||
2019-07-23 | CVE-2019-1010150 | zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php. | Zzcms | 9.8 | ||
2019-07-23 | CVE-2019-1010152 | zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80. | Zzcms | 9.8 | ||
2021-06-03 | CVE-2020-35973 | An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php. | Zzcms | 5.4 | ||
2021-05-13 | CVE-2020-21342 | Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. | Zzcms | 7.5 | ||
2021-05-24 | CVE-2019-12348 | An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter. | Zzcms | 9.8 | ||
2021-04-08 | CVE-2020-23426 | zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. | Zzcms | 9.8 | ||
2021-01-11 | CVE-2020-23630 | A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). | Zzcms | 8.8 | ||
2020-12-18 | CVE-2020-20285 | There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php | Zzcms | 5.4 |