PT-2024-31266 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: ZZCMS versions 2023 and earlier Description: A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the "admin/del.php" component. This flaw enables the attacker...

ZZCMS suffers from SQL injection vulnerability (CNVD-2020-47244)

ZZCMS is a free website builder developed in asp language. ZZCMS suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

ZZZphp sa***.php page la*** parameter has SQL injection vulnerability

zzcms is a PHP and MYSQL based on free open source building system. ZZZphp sa.php page la parameters exist SQL injection vulnerability, attackers can use the vulnerability to obtain sensitive information database...

ZZCMS Arbitrary File Deletion Vulnerability (CNVD-2018-12559)

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in the /user/del.php file in ZZCMS version 8.3. The vulnerability can be exploited to delete arbitrary files by placing a relative path to the zzcmsmain form and sending a reque...

SQL Injection Vulnerability in zzcms 'zx.php'

ZZCMS is an enterprise website builder. A SQL injection vulnerability exists in zzcms 'zx.php'. It allows attackers to exploit the vulnerability to obtain sensitive database information...