CVE-2020-19042

Cross Site Scripting XSS vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php...

Arbitrary file deletion

DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php...

CVE-2022-28114

CVE-2022-28114 affects DSCMS v3.0, where an arbitrary file deletion vulnerability is triggered via the endpoint /controller/Adv.php. The available connected sources confirm the issue exists in DSCMS v3.0 and describe the impact as arbitrary file deletion. No specific exploit details, affected fil...

CVE-2022-28114

DSCMS v3.0 was discovered to contain an arbitrary file deletion vulnerability via /controller/Adv.php...

Cross site scripting

Cross Site Scripting XSS vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php...

CVE-2020-19042

Cross Site Scripting XSS vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php...

Improper access control

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF...

CVE-2020-23426

zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF...

CVE-2018-9331

An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock...

ShopBuilder module\adv\admin\adv. php, etc. 5 SQL injection

ShopBuilder description ShopBuilder is designed for large and medium-sized enterprises to develop the professional-level e-Commerce Mall system, powerful, safe and convenient, can carry tens of millions of views, make the enterprise low-cost to quickly build an online Mall, turn on the e-Commerce...