Product:

Zzcms

(Zzcms)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 80
Date Id Summary Products Score Patch Annotated
2021-10-14 CVE-2020-19961 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. Zzcms 7.5
2019-07-23 CVE-2019-1010149 zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php. Zzcms 9.8
2019-07-23 CVE-2019-1010150 zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php. Zzcms 9.8
2019-07-23 CVE-2019-1010152 zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80. Zzcms 9.8
2021-06-03 CVE-2020-35973 An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php. Zzcms 5.4
2021-05-13 CVE-2020-21342 Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. Zzcms 7.5
2021-05-24 CVE-2019-12348 An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter. Zzcms 9.8
2021-04-08 CVE-2020-23426 zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. Zzcms 9.8
2021-01-11 CVE-2020-23630 A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). Zzcms 8.8
2020-12-18 CVE-2020-20285 There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php Zzcms 5.4