Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

9 matches found

OSV
OSVadded 2018/09/30 8:29 p.m.2 views

CVE-2018-17798

An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

6.5CVSS5.9AI score0.00259EPSS
Exploits1References1
CNVD
CNVDadded 2018/03/26 12:0 a.m.1 views

ZZCMS 'oldimg' parameter arbitrary file deletion vulnerability

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in ZZCMS version 8.2. The vulnerability can be exploited by a remote attacker to delete arbitrary files with the 'oldimg' parameter in an action=modify request with a directory...

7.5CVSS7.1AI score0.00634EPSS
Exploits1References1
CNVD
CNVDadded 2018/03/26 12:0 a.m.2 views

ZZCMS user/manage.php file arbitrary file deletion vulnerability

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in the user/manage.php file in ZZCMS version 8.2. The vulnerability can be exploited by a remote attacker to delete arbitrary files with the 'oldimg' or 'oldflv' parameter in an...

7.5CVSS7.1AI score0.00585EPSS
Exploits1References1
OSV
OSVadded 2018/03/24 6:29 p.m.3 views

CVE-2018-8969

An issue was discovered in zzcms 8.2. user/licencesave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.9AI score
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2018/03/24 6:29 p.m.3 views

CVE-2018-8969

An issue was discovered in zzcms 8.2. user/licencesave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.8AI score0.00585EPSS
Exploits1References2
ATTACKERKB
ATTACKERKBadded 2018/03/24 6:29 p.m.1 views

CVE-2018-8967

An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request...

9.8CVSS5.8AI score0.00381EPSS
Exploits1References2
NVD
NVDadded 2018/03/24 6:29 p.m.14 views

CVE-2018-8967

An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request...

9.8CVSS9.9AI score0.00381EPSS
Exploits1References1
OSV
OSVadded 2018/03/24 6:29 p.m.1 views

CVE-2018-8965

An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.9AI score
Exploits0References1
Positive Technologies
Positive Technologiesadded 2018/03/24 12:0 a.m.2 views

PT-2018-18744 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue in zzcms allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request to the "user/ppsave.php" endpoint. This can be leveraged...

7.5CVSS7.7AI score0.00634EPSS
Exploits1References2
Rows per page
Query Builder