CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

11 matches found

OSV•added 2025/12/18 12:16 a.m.•1 views

CVE-2025-14837

A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of the component Backend Website Settings Module. Such manipulation of the argument icp leads to code injection. The attack can be executed remotely. The exploit has bee...

7.2CVSS5.6AI score

Exploits0References4

CNNVD•added 2025/12/18 12:0 a.m.•2 views

ZZCMS 代码注入漏洞

ZZCMS is a content management system CMS from the China ZZCMS team. A code injection vulnerability exists in ZZCMS version 2025, which stems from incorrect manipulation of the parameter icp in the back-end site settings module file /admin/siteconfig.php, which may lead to code injection...

7.2CVSS5.3AI score0.00047EPSS

Exploits1References5

Cvelist•added 2025/12/17 11:32 p.m.•23 views

CVE-2025-14837 ZZCMS Backend Website Settings siteconfig.php stripfxg code injection

5.8CVSS0.00047EPSS

Exploits1References4

CVE•added 2025/12/17 11:32 p.m.•10 views

CVE-2025-14837

ZZCMS 2025 has a code injection vulnerability in the Backend Website Settings Module. The stripfxg function in /admin/siteconfig.php mishandles the icp argument, enabling remote code execution. Exploit has been publicly disclosed. Affected: ZZCMS 2025; file: /admin/siteconfig.php; function: strip...

7.2CVSS6.8AI score0.00047EPSS

Exploits1References4Affected Software1

Positive Technologies•added 2025/12/17 12:0 a.m.•2 views

PT-2025-51982

Name of the Vulnerable Software and Affected Versions ZZCMS version 2025 Description A code injection issue exists in ZZCMS 2025, specifically within the Backend Website Settings Module. The stripfxg function in the /admin/siteconfig.php file is affected. Manipulation of the icp argument can lead...

7.2CVSS5AI score0.00047EPSS

Exploits1References10

RedhatCVE•added 2025/05/23 6:16 a.m.•2 views

CVE-2024-48233

mipjz 5.0.5 is vulnerable to Cross Site Scripting XSS in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...

4.8CVSS6.1AI score0.00108EPSS

Exploits1References1

OSV•added 2024/10/25 9:15 p.m.•0 views

CVE-2024-48233

mipjz 5.0.5 is vulnerable to Cross Site Scripting XSS in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...

4.8CVSS5.8AI score

Exploits0References1

NVD•added 2024/10/25 9:15 p.m.•13 views

CVE-2024-48233

mipjz 5.0.5 is vulnerable to Cross Site Scripting XSS in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...

4.8CVSS0.00108EPSS

Exploits1References1

CVE•added 2024/10/25 12:0 a.m.•71 views

CVE-2024-48233

The CVE-2024-48233 entry affects mipjz 5.0.5, with a Cross Site Scripting (XSS) flaw in \app\setting\controller\ApiAdminSetting.php via the ICP parameter. Root cause: improper handling/validation of the ICP parameter leading to XSS. Impact as stated: potential for script injection; CVSS 3.1 base ...

4.8CVSS6.2AI score0.00108EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/10/25 12:0 a.m.•13 views

CVE-2024-48233

mipjz 5.0.5 is vulnerable to Cross Site Scripting XSS in \app\setting\controller\ApiAdminSetting.php via the ICP parameter...

0.00108EPSS

Exploits1References1