18 matches found

OSV
Added 2019/07/23 2:15 p.m. | 3 views

CVE-2019-1010150

zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php...

CVSS 9.8 | AI score 5.8 | EPSS 0.02442
Exploits: 1 | References: 1

OSV
Added 2019/03/07 11:29 p.m. | 3 views

CVE-2018-17415

zzcms V8.3 has a SQL injection in /user/zselite.php via the id parameter...

CVSS 8.8 | AI score 5.8 | EPSS 0.01319
Exploits: 1 | References: 1

OSV
Added 2018/10/29 12:29 p.m. | 5 views

CVE-2018-18787

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie...

CVSS 9.8 | AI score 5.8 | EPSS 0.01202
Exploits: 1 | References: 1

OSV
Added 2018/10/29 12:29 p.m. | 4 views

CVE-2018-18790

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/specialadd.php via a zxbigclassid cookie. This needs an admin user login...

CVSS 7.2 | AI score 5.8 | EPSS 0.01059
Exploits: 1 | References: 1

OSV
Added 2018/09/30 8:29 p.m. | 3 views

CVE-2018-17798

An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

CVSS 6.5 | AI score 5.9 | EPSS 0.0117
Exploits: 1 | References: 1

CNVD
Added 2018/09/18 12:0 a.m. | 1 view

SQL injection vulnerability in cl***.php file in ZZCMS 8.3 version

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. A SQL injection vulnerability exists in the cl.php file in ZZCMS version 8.3. An attacker can exploit the vulnerability to obtain sensitive database information...

AI score 7.9
Exploits: 0

OSV
Added 2018/09/02 6:29 p.m. | 3 views

CVE-2018-16344

An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in the flv parameter. This can be leveraged for database access by deleting install.lock...

CVSS 7.5 | AI score 5.9 | EPSS 0.01892
Exploits: 1 | References: 1

OSV
Added 2018/08/20 7:31 p.m. | 3 views

CVE-2018-1000653

zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in SQL injection against zzcms running in nginx. This attack appears to be exploitable via running zzcms in nginx...

CVSS 9.8 | AI score 5.8 | EPSS 0.01202
Exploits: 1 | References: 1

CNVD
Added 2018/08/14 12:0 a.m. | 1 view

ZZCMS V8.2 has arbitrary directory deletion vulnerability

ZZCMS is a CMS Content Management System used to quickly build Merchants type websites. ZZCMS V8.2 has an arbitrary directory deletion vulnerability, which can be exploited by attackers to delete arbitrary files...

AI score 7
Exploits: 0

OSV
Added 2018/08/06 3:29 p.m. | 2 views

CVE-2018-14963

zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI...

CVSS 8.8 | AI score 5.8 | EPSS 0.0065
Exploits: 1 | References: 1

OSV
Added 2018/07/03 7:29 p.m. | 2 views

CVE-2018-13116

/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcmsask table...

CVSS 9.8 | AI score 5.8 | EPSS 0.01135
Exploits: 1 | References: 1

OSV
Added 2018/03/24 6:29 p.m. | 5 views

CVE-2018-8966

An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo call into /inc/config.php...

CVSS 7.5 | AI score 5.8 | EPSS 0.01805
Exploits: 1 | References: 1

ATTACKERKB
Added 2018/03/24 6:29 p.m. | 1 view

CVE-2018-8965

An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

CVSS 7.5 | AI score 5.8 | EPSS 0.02621
Exploits: 1 | References: 2

OSV
Added 2018/03/24 6:29 p.m. | 4 views

CVE-2018-8969

An issue was discovered in zzcms 8.2. user/licencesave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock...

CVSS 7.5 | AI score 5.9
Exploits: 0 | References: 1

CNVD
Added 2018/03/16 12:0 a.m. | 1 view

Configuration file write vulnerability in ZZCMS version 8.2

zzcms is a free website builder developed in asp language. There is a configuration file writing vulnerability in the index.php file of zzcms version 8.2, which can be exploited by an attacker to write some configuration information into the configuration file to gain server privileges...

AI score 7
Exploits: 0

OSV
Added 2018/02/24 3:29 a.m. | 4 views

CVE-2018-7434

zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qqconnect2.0/API/class/ErrorCase.class.php or 3/ucenterapi/code/friend.php...

CVSS 5.3 | AI score 5.8
Exploits: 0 | References: 2

CNVD
Added 2017/09/03 12:0 a.m. | 1 view

Reinstallation Bypass Vulnerability in ZZCMS Version 8.1

ZZCMS is an enterprise website builder. A reinstallation bypass vulnerability exists in ZZCMS version 8.1. The vulnerability is caused by determining whether the lock file is installed at step1, which can be directly submitted by POST to the later steps of the reinstallation, allowing an attacker...

AI score 7.1
Exploits: 0

CNVD
Added 2017/03/16 12:0 a.m. | 3 views

ZZCMS V8.0 SQL Injection Vulnerability in admin/about.php File

ZZCMS is an enterprise website builder. A SQL injection vulnerability exists in the ZZCMS V8.0 admin/about.php file. The lack of filtering of the 'id' parameter obtained from $post'id' allows an attacker to exploit the vulnerability to obtain sensitive database information...

AI score 7.8
Exploits: 0