18 matches found
CVE-2025-34467
ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns...
EUVD-2025-206081
ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns...
CVE-2025-34467
ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns...
CVE-2025-34467
ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns...
CVE-2025-34467 ZwiiCMS < 13.7.00 Lock Persistence Authenticated DoS Against Administrative Pages
ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns...
CVE-2025-34467 ZwiiCMS < 13.7.00 Lock Persistence Authenticated DoS Against Administrative Pages
ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns...
PT-2025-54429
Name of the Vulnerable Software and Affected Versions ZwiiCMS versions prior to 13.7.00 Description The software contains a denial-of-service issue in several administrative areas because of incorrect authorization checks and problems with how resources are handled. A user with limited access can...
ZwiiCMS 安全漏洞
ZwiiCMS is a website builder by Fred Personal Developer. A security vulnerability exists in ZwiiCMS versions prior to 13.7.00 that stems from improper authorization checking and a resource state management flaw that could lead to a denial of service attack...
CVE-2025-57130
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user,...
CVE-2025-57130
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user,...
ZwiiCMS 安全漏洞
ZwiiCMS is a website builder by Fred Personal Developer. A security vulnerability exists in ZwiiCMS 13.6.07 and earlier versions, which stems from improper access control of the user management component and may result in elevated privileges...
CVE-2025-57130
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user,...
CVE-2025-57130
ZwiiCMS up to v13.6.07 suffers an Incorrect Access Control flaw in the user management component that lets a remote, authenticated, low-privilege user escalate privileges by sending a specially crafted HTTP request to access/modify other users’ profiles (including admins). Documents consistently ...
EUVD-2025-37897
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user,...
CVE-2025-57130
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user,...
ZwiiCMS 12.2.04 - Remote Code Execution (Authenticated)
Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution Authenticated Date: 03/06/2023 Exploit Author: Hadi Mene Vendor Homepage: https://zwiicms.fr/ Version: 12.2.04 and potentially lower versions Tested on: Linux CVE: CVE-2020-10567 Category: webapps ZwiiCMS 12.2.04 uses "Responible FileManager"...
ZwiiCMS 12.2.04 Remote Code Execution Exploit
Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution Authenticated Exploit Author: Hadi Mene Vendor Homepage: https://zwiicms.fr/ Version: 12.2.04 and potentially lower versions CVE: CVE-2020-10567 Category: webapps ZwiiCMS 12.2.04 uses "Responible FileManager" 9.14.0 for its file manager feature...
ZwiiCMS 12.2.04 Remote Code Execution
Exploit Title: ZwiiCMS 12.2.04 Remote Code Execution Authenticated Date: 03/06/2023 Exploit Author: Hadi Mene Vendor Homepage: https://zwiicms.fr/ Version: 12.2.04 and potentially lower versions CVE: CVE-2020-10567 Category: webapps ZwiiCMS 12.2.04 uses "Responible FileManager" 9.14.0 for its fil...