Lucene search
+L

9 matches found

osv
osv
added 2018/09/30 8:29 p.m.4 views

CVE-2018-17798

An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

6.5CVSS5.9AI score0.0117EPSS
Exploits1References1
cnvd
cnvd
added 2018/03/26 12:0 a.m.6 views

ZZCMS 'oldimg' parameter arbitrary file deletion vulnerability

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in ZZCMS version 8.2. The vulnerability can be exploited by a remote attacker to delete arbitrary files with the 'oldimg' parameter in an action=modify request with a directory...

7.5CVSS7.1AI score0.02621EPSS
Exploits1References1
cnvd
cnvd
added 2018/03/26 12:0 a.m.6 views

ZZCMS user/manage.php file arbitrary file deletion vulnerability

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A security vulnerability exists in the user/manage.php file in ZZCMS version 8.2. The vulnerability can be exploited by a remote attacker to delete arbitrary files with the 'oldimg' or 'oldflv' parameter in an...

7.5CVSS7.1AI score0.02621EPSS
Exploits1References1
attackerkb
attackerkb
added 2018/03/24 6:29 p.m.3 views

CVE-2018-8967

An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request...

9.8CVSS5.8AI score0.0184EPSS
Exploits1References2
nvd
nvd
added 2018/03/24 6:29 p.m.25 views

CVE-2018-8967

An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request...

9.8CVSS9.9AI score0.0184EPSS
Exploits1References1
osv
osv
added 2018/03/24 6:29 p.m.4 views

CVE-2018-8969

An issue was discovered in zzcms 8.2. user/licencesave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.9AI score0.02621EPSS
Exploits1References1
osv
osv
added 2018/03/24 6:29 p.m.6 views

CVE-2018-8965

An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.9AI score0.02621EPSS
Exploits1References1
attackerkb
attackerkb
added 2018/03/24 6:29 p.m.5 views

CVE-2018-8969

An issue was discovered in zzcms 8.2. user/licencesave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

7.5CVSS5.8AI score0.02621EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2018/03/24 12:0 a.m.6 views

PT-2018-18744 · Zzcms · Zzcms

Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue in zzcms allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request to the "user/ppsave.php" endpoint. This can be leveraged...

7.5CVSS7.7AI score0.02621EPSS
Exploits1References2
Rows per page
Query Builder