zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001
A Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 via a modify action in user/adv.php.
CVSS: 6.1 | AI Score: 5.7 | EPSS: 0.001
A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters.
CVSS: 7.2 | AI Score: 7.6 | EPSS: 0.004
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.
CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.002
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.
CVSS: 7.5 | AI Score: 7.8 | EPSS: 0.002
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.
CVSS: 7.5 | AI Score: 7.8 | EPSS: 0.002
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
CVSS: 7.5 | AI Score: 7.7 | EPSS: 0.002
There is an XSS in the user login page in zzcms 2019. Users can inject JS code through the Referer header via user/login.php.
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.002
An insecure permissions issue in zzcms 201910 allows resetting any user's password via /one/getpassword.php.
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.001
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF.
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.003
A time-based blind SQL injection vulnerability (cookie injection) exists in zzcms ver201910.
CVSS: 8.8 | AI Score: 8.9 | EPSS: 0.002
An issue was discovered in zzcms2020. There is an XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php.
CVSS: 5.4 | AI Score: 5.4 | EPSS: 0.001
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.
CVSS: 7.2 | AI Score: 7.4 | EPSS: 0.001
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.
CVSS: 7.2 | AI Score: 7.4 | EPSS: 0.001
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.
CVSS: 8.8 | AI Score: 9.1 | EPSS: 0.001
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php when registering ordinary users.
CVSS: 8.8 | AI Score: 9.1 | EPSS: 0.001
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.002
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console.
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.004
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.
CVSS: 5.3 | AI Score: 5.3 | EPSS: 0.001
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.001
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.
CVSS: 7.2 | AI Score: 7.2 | EPSS: 0.001
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.
CVSS: 4.8 | AI Score: 4.9 | EPSS: 0.001
An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.
CVSS: 5.3 | AI Score: 4.9 | EPSS: 0.001
ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.
CVSS: 5.3 | AI Score: 5.2 | EPSS: 0.001
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.
CVSS: 7.2 | AI Score: 7.2 | EPSS: 0.001
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.
CVSS: 7.2 | AI Score: 7.2 | EPSS: 0.001
An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.
CVSS: 5.4 | AI Score: 5.3 | EPSS: 0.001
Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php.
CVSS: 8.8 | AI Score: 8.7 | EPSS: 0.001
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.
CVSS: 9.8 | AI Score: 9.4 | EPSS: 0.003
ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code.
CVSS: 9.8 | AI Score: 9.8 | EPSS: 0.001