Product:

Zzcms

(Zzcms)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 80
Date Id Summary Products Score Patch Annotated
2022-06-17 CVE-2019-12357 An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter. Zzcms 7.2
2022-06-17 CVE-2019-12358 An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie. Zzcms 8.8
2022-06-17 CVE-2019-12359 An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter. Zzcms 7.2
2022-06-17 CVE-2019-12352 An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie. Zzcms 8.8
2022-06-02 CVE-2019-12349 An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. Zzcms 9.8
2022-06-02 CVE-2019-12350 An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. Zzcms 9.8
2022-06-02 CVE-2019-12351 An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. Zzcms 9.8
2022-04-08 CVE-2021-46437 An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. Zzcms 4.8
2022-04-08 CVE-2021-46436 An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. Zzcms 7.2
2022-02-14 CVE-2021-45347 An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password. Zzcms 7.5