Product:

Zzcms

(Zzcms)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 80
Date Id Summary Products Score Patch Annotated
2022-02-09 CVE-2021-45286 Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. Zzcms 5.3
2021-12-13 CVE-2020-19042 Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php. Zzcms 6.1
2021-12-15 CVE-2021-42945 A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php. Zzcms 9.8
2021-12-09 CVE-2021-40279 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. Zzcms 7.2
2021-12-09 CVE-2021-40280 An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. Zzcms 7.2
2021-12-09 CVE-2021-40281 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. Zzcms 8.8
2021-12-09 CVE-2021-40282 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users. Zzcms 8.8
2021-10-14 CVE-2020-19957 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page. Zzcms 7.5
2021-10-14 CVE-2020-19959 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie. Zzcms 7.5
2021-10-14 CVE-2020-19960 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie. Zzcms 7.5