31 matches found
EUVD-2018-20576
Malware in sbrugna...
EUVD-2018-20573
Malware in sbrugna...
EUVD-2021-32120
Malicious code in bioql PyPI...
EUVD-2021-27465
Malicious code in bioql PyPI...
CVE-2021-45347
CVE-2021-45347 affects zzcms 8.2. It is an Incorrect Access Control vulnerability allowing an unauthenticated attacker to bypass login by changing the username in the cookie to use any password. The connected sources consistently describe this flaw as an authentication bypass in zzcms 8.2. No spe...
CVE-2021-40279
CVE-2021-40279 affects the zz cms (ZZCMS) platform. The vulnerability is an SQL injection in the admin/bad.php file, exploitable via the id parameter. Affected versions include 8.2, 8.3, and the 2020/2021 branches. The root cause is lack of input validation for external input in the SQL statement...
Directory traversal
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock...
CVE-2018-9309
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dlsendsms.php request...
SQL injection
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dlsendsms.php request...
CVE-2018-9309
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dlsendsms.php request...
CVE-2018-8968
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
CVE-2018-8965
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
CVE-2018-8966
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...
CVE-2018-8968
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
Code injection
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...
CVE-2018-8967
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request...
SQL injection
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request...
Directory traversal
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
Directory traversal
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...
CVE-2018-8968
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...