168 matches found
Sql injection
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzztemplate.php...
ZZZCMS zzzphp SQL注入漏洞
ZZZCMS zzzphp is a content management system CMS. A security vulnerability exists in ZZZCMS zzzphp version 1.7.1, which allows remote attackers to exploit the vulnerability to execute arbitrary code...
CVE-2020-18717
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzztemplate.php...
CVE-2020-18717
The CVE-2020-18717 entry concerns ZZZCMS zzzphp 1.7.1, where a SQL injection due to lack of parameter filtering in inc/zzz_template.php allows remote code execution. Public sources classify the impact as high/critical (NVD CVSS v3.1: 9.8; v2: 7.5). The affected component is the zzz_template.php p...
SQL injection vulnerability exists in zzzzphp (CNVD-2020-67552)
zzcms is a free website builder developed in asp language. There is a SQL injection vulnerability in zzzphp, which can be exploited by attackers to obtain sensitive database information...
Command Execution Vulnerability in ZZZCMS
zzcms is a free website builder developed in asp language. ZZZCMS has a command execution vulnerability that can be exploited by attackers to gain control of the web server...
SQL Injection Vulnerability in zzzcms zz***_ma***.php
zzcms is a PHP and MYSQL based CMS. A SQL injection vulnerability exists in zzzcms zzma.php, which can be exploited by an attacker to obtain sensitive information about a database...
SQL Injection Vulnerability in zzzcms sa***.php Page
zzcms is a PHP and MYSQL based CMS. A SQL injection vulnerability exists in the zzzcms sa.php page, which can be exploited by an attacker to obtain sensitive information from the database...
Code Execution Vulnerability in ZZZcms 1.7.3
zzcms using ASP ACCESS/MSSQL free station building system , all source code open source complete , support the direct use . ZZZcms 1.7.3 there is a code execution vulnerability , attackers can use the vulnerability to inject malicious code...
XML Entity Injection Vulnerability in zzzcms zzzphp Backend
zzzcms zzzphp is a content management system CMS. An XML entity injection vulnerability exists in the zzzcms zzzphp backend. An attacker can exploit the vulnerability to gain unauthorized access to files in arbitrary directories...
ZZZCMS zzzphp input validation error vulnerability (CNVD-2020-14279)
ZZZCMS zzzphp is a content management system CMS. An input validation error vulnerability exists in the 'parserIfLabel' function of the inc/zzztemplate.php file in ZZZCMS zzzphp version 1.7.3, which can be exploited by a remote attacker to bypass the 'danger key' function to execute arbitrary cod...
CVE-2019-17408
parserIfLabel in inc/zzztemplate.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the dangerkey function can be bypassed via manipulations such as strtr...
CVE-2019-17408
parserIfLabel in inc/zzztemplate.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the dangerkey function can be bypassed via manipulations such as strtr...
Code injection
parserIfLabel in inc/zzztemplate.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the dangerkey function can be bypassed via manipulations such as strtr...
CVE-2019-17408
parserIfLabel in inc/zzztemplate.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the dangerkey function can be bypassed via manipulations such as strtr...
CVE-2019-17408
Affected software: ZZZCMS zzzphp 1.7.3. The issue is in parserIfLabel within inc/zzz_template.php, where the danger_key function can be bypassed (e.g., via strtr), enabling remote attackers to execute arbitrary code. This is the explicit root cause and consequence stated across multiple sources. ...
CVE-2019-16722
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an strireplace operation...
CVE-2019-16720
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file...
CVE-2019-16720
ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file...
CVE-2019-16722
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an strireplace operation...