Zrlog Security Vulnerabilities

CVE-2020-27514

Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service...

CVE-2020-21052

Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment...

CVE-2021-44093

A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a...

CVE-2021-44094

ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR...

CVE-2020-18066

Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in...

CVE-2020-21316

A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin...

CVE-2020-19005

zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file...

CVE-2019-16643

An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit...

CVE-2018-17079

An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment...

CVE-2018-17420

An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords...

CVE-2018-17421

An issue was discovered in ZrLog 2.0.3. There is stored XSS in the file upload area via a crafted attached/file/...