Lucene search
+L

168 matches found

Prion
Prion
added 2021/02/05 2:15 p.m.17 views

Sql injection

SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzztemplate.php...

7.5CVSS9.9AI score0.03589EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2021/02/05 12:0 a.m.6 views

ZZZCMS zzzphp SQL注入漏洞

ZZZCMS zzzphp is a content management system CMS. A security vulnerability exists in ZZZCMS zzzphp version 1.7.1, which allows remote attackers to exploit the vulnerability to execute arbitrary code...

9.8CVSS7.6AI score0.03589EPSS
Exploits1References2
Cvelist
Cvelist
added 2021/02/04 11:25 p.m.22 views

CVE-2020-18717

SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzztemplate.php...

9.9AI score0.03589EPSS
Exploits1References1
CVE
CVE
added 2021/02/04 11:25 p.m.44 views

CVE-2020-18717

The CVE-2020-18717 entry concerns ZZZCMS zzzphp 1.7.1, where a SQL injection due to lack of parameter filtering in inc/zzz_template.php allows remote code execution. Public sources classify the impact as high/critical (NVD CVSS v3.1: 9.8; v2: 7.5). The affected component is the zzz_template.php p...

9.8CVSS9.8AI score0.03589EPSS
Exploits1References1Affected Software1
CNVD
CNVD
added 2020/11/11 12:0 a.m.2 views

SQL injection vulnerability exists in zzzzphp (CNVD-2020-67552)

zzcms is a free website builder developed in asp language. There is a SQL injection vulnerability in zzzphp, which can be exploited by attackers to obtain sensitive database information...

7.9AI score
Exploits0
CNVD
CNVD
added 2020/03/26 12:0 a.m.2 views

Command Execution Vulnerability in ZZZCMS

zzcms is a free website builder developed in asp language. ZZZCMS has a command execution vulnerability that can be exploited by attackers to gain control of the web server...

7.4AI score
Exploits0
CNVD
CNVD
added 2020/03/09 12:0 a.m.4 views

SQL Injection Vulnerability in zzzcms zz***_ma***.php

zzcms is a PHP and MYSQL based CMS. A SQL injection vulnerability exists in zzzcms zzma.php, which can be exploited by an attacker to obtain sensitive information about a database...

7.7AI score
Exploits0
CNVD
CNVD
added 2019/12/11 12:0 a.m.1 views

SQL Injection Vulnerability in zzzcms sa***.php Page

zzcms is a PHP and MYSQL based CMS. A SQL injection vulnerability exists in the zzzcms sa.php page, which can be exploited by an attacker to obtain sensitive information from the database...

7.7AI score
Exploits0
CNVD
CNVD
added 2019/11/15 12:0 a.m.3 views

Code Execution Vulnerability in ZZZcms 1.7.3

zzcms using ASP ACCESS/MSSQL free station building system , all source code open source complete , support the direct use . ZZZcms 1.7.3 there is a code execution vulnerability , attackers can use the vulnerability to inject malicious code...

7.6AI score
Exploits0
CNVD
CNVD
added 2019/11/06 12:0 a.m.3 views

XML Entity Injection Vulnerability in zzzcms zzzphp Backend

zzzcms zzzphp is a content management system CMS. An XML entity injection vulnerability exists in the zzzcms zzzphp backend. An attacker can exploit the vulnerability to gain unauthorized access to files in arbitrary directories...

7.6AI score
Exploits0
CNVD
CNVD
added 2019/10/15 12:0 a.m.4 views

ZZZCMS zzzphp input validation error vulnerability (CNVD-2020-14279)

ZZZCMS zzzphp is a content management system CMS. An input validation error vulnerability exists in the 'parserIfLabel' function of the inc/zzztemplate.php file in ZZZCMS zzzphp version 1.7.3, which can be exploited by a remote attacker to bypass the 'danger key' function to execute arbitrary cod...

9.8CVSS7.5AI score0.03691EPSS
Exploits1References1
NVD
NVD
added 2019/10/14 12:15 p.m.23 views

CVE-2019-17408

parserIfLabel in inc/zzztemplate.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the dangerkey function can be bypassed via manipulations such as strtr...

9.8CVSS9.7AI score0.03691EPSS
Exploits1References1
OSV
OSV
added 2019/10/14 12:15 p.m.5 views

CVE-2019-17408

parserIfLabel in inc/zzztemplate.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the dangerkey function can be bypassed via manipulations such as strtr...

9.8CVSS7.6AI score0.03691EPSS
Exploits1References1
Prion
Prion
added 2019/10/14 12:15 p.m.16 views

Code injection

parserIfLabel in inc/zzztemplate.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the dangerkey function can be bypassed via manipulations such as strtr...

7.5CVSS9.7AI score0.03691EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2019/10/14 11:43 a.m.29 views

CVE-2019-17408

parserIfLabel in inc/zzztemplate.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the dangerkey function can be bypassed via manipulations such as strtr...

9.8AI score0.03691EPSS
Exploits1References1
CVE
CVE
added 2019/10/14 11:43 a.m.59 views

CVE-2019-17408

Affected software: ZZZCMS zzzphp 1.7.3. The issue is in parserIfLabel within inc/zzz_template.php, where the danger_key function can be bypassed (e.g., via strtr), enabling remote attackers to execute arbitrary code. This is the explicit root cause and consequence stated across multiple sources. ...

9.8CVSS9.6AI score0.03691EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/09/23 2:15 p.m.25 views

CVE-2019-16722

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an strireplace operation...

9.8CVSS9.7AI score0.03116EPSS
Exploits1References1
OSV
OSV
added 2019/09/23 2:15 p.m.4 views

CVE-2019-16720

ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file...

7.5CVSS7.1AI score0.01436EPSS
Exploits1References1
NVD
NVD
added 2019/09/23 2:15 p.m.19 views

CVE-2019-16720

ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file...

7.5CVSS7.5AI score0.01436EPSS
Exploits1References1
OSV
OSV
added 2019/09/23 2:15 p.m.8 views

CVE-2019-16722

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an strireplace operation...

9.8CVSS7.3AI score0.03116EPSS
Exploits1References1
Rows per page
Query Builder