Zzcms Security Vulnerabilities
ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary...
9.8CVSS
9.8AI Score
0.001EPSS
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in...
9.8CVSS
9.4AI Score
0.003EPSS
Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in...
8.8CVSS
8.7AI Score
0.001EPSS
An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in...
5.4CVSS
5.3AI Score
0.001EPSS
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in...
9.8CVSS
9.7AI Score
0.002EPSS
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at...
7.2CVSS
7.2AI Score
0.001EPSS
ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP?...
5.3CVSS
5.2AI Score
0.001EPSS
An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to...
5.3CVSS
4.9AI Score
0.001EPSS
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component...
7.2CVSS
7.2AI Score
0.001EPSS
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid...
8.8CVSS
8.9AI Score
0.001EPSS
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id...
7.2CVSS
7.2AI Score
0.001EPSS
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id...
8.8CVSS
8.9AI Score
0.001EPSS
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id...
7.2CVSS
7.2AI Score
0.001EPSS
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid...
8.8CVSS
8.9AI Score
0.001EPSS
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id...
7.2CVSS
7.2AI Score
0.001EPSS
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id...
7.2CVSS
7.2AI Score
0.001EPSS
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id...
8.8CVSS
8.9AI Score
0.001EPSS
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing...
9.8CVSS
9.8AI Score
0.002EPSS
An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id...
9.8CVSS
9.8AI Score
0.002EPSS
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing...
9.8CVSS
9.8AI Score
0.002EPSS
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in...
4.8CVSS
4.9AI Score
0.001EPSS
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in...
7.2CVSS
7.2AI Score
0.001EPSS
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any...
7.5CVSS
7.6AI Score
0.001EPSS
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3)...
5.3CVSS
5.3AI Score
0.001EPSS
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in...
9.8CVSS
9.8AI Score
0.002EPSS
Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in...
6.1CVSS
5.7AI Score
0.001EPSS
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator...
9.8CVSS
9.4AI Score
0.004EPSS
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary...
8.8CVSS
9.1AI Score
0.001EPSS
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary...
8.8CVSS
9.1AI Score
0.001EPSS
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in...
7.2CVSS
7.4AI Score
0.001EPSS
An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in...
7.2CVSS
7.4AI Score
0.001EPSS
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php...
7.5CVSS
7.7AI Score
0.002EPSS
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page...
7.5CVSS
7.8AI Score
0.002EPSS
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component...
7.5CVSS
7.7AI Score
0.002EPSS
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page...
7.5CVSS
7.8AI Score
0.002EPSS
A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title"...
7.2CVSS
7.6AI Score
0.004EPSS
An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via...
5.4CVSS
5.4AI Score
0.001EPSS
An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST...
9.8CVSS
9.9AI Score
0.002EPSS
7.5CVSS
7.6AI Score
0.001EPSS
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as...
9.8CVSS
9.4AI Score
0.003EPSS
A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie...
8.8CVSS
8.9AI Score
0.002EPSS
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via...
5.4CVSS
5.3AI Score
0.002EPSS
zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is:...
9.8CVSS
9.4AI Score
0.009EPSS
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line...
9.8CVSS
9.4AI Score
0.009EPSS
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is:...
9.8CVSS
9.4AI Score
0.009EPSS
zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sql inject. The component is:...
9.8CVSS
9.6AI Score
0.002EPSS
zzcms version 8.3 and earlier is affected by: SQL Injection. The impact is: zzcms File Delete to Code...
9.8CVSS
9.6AI Score
0.003EPSS
A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid...
7.2CVSS
7.3AI Score
0.001EPSS
8.8CVSS
8.9AI Score
0.001EPSS
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP...
9.8CVSS
9.7AI Score
0.002EPSS