Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Zzcms
(Zzcms)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 80 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2018-04-05 | CVE-2018-9309 | An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request. | Zzcms | 9.8 | ||
2018-04-07 | CVE-2018-9331 | An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock. | Zzcms | 7.5 | ||
2021-08-26 | CVE-2020-19822 | A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | Zzcms | 7.2 | ||
2022-09-22 | CVE-2022-40443 | An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. | Zzcms | 5.3 | ||
2022-09-22 | CVE-2022-40444 | ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. | Zzcms | 5.3 | ||
2022-09-22 | CVE-2022-40446 | ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=. | Zzcms | 7.2 | ||
2022-09-22 | CVE-2022-40447 | ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php. | Zzcms | 7.2 | ||
2021-12-09 | CVE-2021-43703 | An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console. | Zzcms | 9.8 | ||
2022-06-17 | CVE-2019-12353 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter. | Zzcms | 7.2 | ||
2022-06-17 | CVE-2019-12354 | An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter. | Zzcms | 7.2 |