17 matches found
CVE-2018-17798
An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
Directory traversal
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
CVE-2018-17797
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
Arbitrary File Deletion Vulnerability in zzcms
ZzCMS is the content management system of Webmaster Merchants. An arbitrary file deletion vulnerability exists in user/adv.php in zzcms 8.2. A remote attacker can exploit this vulnerability to delete arbitrary files via a directory traversal sequence in the oldimg parameter. An attacker can...
CVE-2018-9331
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock...
PT-2018-18988 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue was discovered that allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in the user/adv.php endpoint. This can be leveraged for database access by...
ZZCMS 'oldimg' parameter arbitrary file deletion vulnerability
ZZCMS is a content management system (CMS) used to quickly build merchant-type websites. A security vulnerability exists in ZZCMS version 8.2. A remote attacker can exploit the vulnerability to delete arbitrary files via the 'oldimg' parameter in an action=modify request with a directory...
ZZCMS user/manage.php file arbitrary file deletion vulnerability
ZZCMS is a content management system (CMS) used to quickly build merchant-type websites. A security vulnerability exists in the user/manage.php file in ZZCMS version 8.2. A remote attacker can exploit the vulnerability to delete arbitrary files via the 'oldimg' or 'oldflv' parameter in an...
CVE-2018-8965
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
CVE-2018-8968
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
CVE-2018-8969
An issue was discovered in zzcms 8.2. user/licencesave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
CVE-2018-8969
An issue was discovered in zzcms 8.2. user/licencesave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
CVE-2018-8965
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
CVE-2018-8968
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
PT-2018-18744 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue in zzcms allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request to the "user/ppsave.php" endpoint. This can be leveraged...
PT-2018-18747 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue was discovered that allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an "action=modify" request to the "user/manage.php" endpoint...
PT-2018-18748 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: An issue in zzcms allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request to the "user/licencesave.php" endpoint. This can be...