8 matches found
CVE-2020-21342
Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php...
CVE-2020-23426
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF...
CVE-2020-21342
Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php...
Default credentials
Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php...
CVE-2020-21342
Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php...
CVE-2020-21342
CVE-2020-21342 affects the zzcms web application (version 201910). The issue is an insecure permissions weakness in the password reset flow, specifically via /one/getpassword.php, allowing an attacker to reset any user password. Root cause described as improperly designed or implemented code for ...
Improper access control
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF...
CVE-2020-23426
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF...