25 matches found
CVE-2022-27133
zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php...
CVE-2022-27128
An incorrect access control issue at /admin/runajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts...
EUVD-2022-31664
Malicious code in bioql PyPI...
EUVD-2022-31671
Malicious code in bioql PyPI...
CVE-2022-27125
zbzcms v1.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the neirong parameter at /php/ajax.php...
CVE-2022-27133
zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php...
CVE-2022-27127
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php...
CVE-2022-27131
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27129
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-27125
zbzcms v1.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the neirong parameter at /php/ajax.php...
Design/Logic Flaw
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
Sql injection
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php...
Arbitrary file deletion
zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php...
Improper access control
An incorrect access control issue at /admin/runajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts...
Design/Logic Flaw
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file...
Sql injection
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php...
Cross site scripting
zbzcms v1.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the neirong parameter at /php/ajax.php...
CVE-2022-27125
zbzcms v1.0 was discovered to contain a stored cross-site scripting XSS vulnerability via the neirong parameter at /php/ajax.php...
CVE-2022-27126
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php...
CVE-2022-27128
An incorrect access control issue at /admin/runajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts...