CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

167 matches found

ZZZCMS ZZZPHP 1.6.3 – Remote PHP Code Execution (RCE)

ZZZCMS zzzphp v1.6.3 contains a remote code execution caused by lack of restrictions in inc/zzzfile.php, letting attackers execute arbitrary PHP code via a crafted URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter, exploit requires attacker to send malicious URL and...

9.8CVSS8.1AI score0.61672EPSS

Exploits1References2

Nuclei•added 17 hours ago•74 views

ZZZCMS zzzphp 2.1.0 - Remote Code Execution

ZZZCMS zzzphp v2.1.0 is susceptible to a remote command execution vulnerability via dangerkey at zzztemplate.php. id: CVE-2022-23881 info: name: ZZZCMS zzzphp 2.1.0 - Remote Code Execution author: pikpikcu severity: critical description: ZZZCMS zzzphp v2.1.0 is susceptible to a remote command...

9.8CVSS7.5AI score0.86657EPSS

Exploits1References5

Nuclei•added 2026/05/27 12:33 a.m.•182 views

ZZZCMS 1.6.1 - Remote Code Execution

ZZZCMS zzzphp V1.6.1 is vulnerable to remote code execution via the inc/zzztemplate.php file because the parserIfLabel function's filtering is not strict, resulting in PHP code execution as demonstrated by the if:assert substring. id: CVE-2019-9041 info: name: ZZZCMS 1.6.1 - Remote Code Execution...

7.2CVSS7.7AI score0.88162EPSS

Exploits8References5

RedhatCVE•added 2026/01/09 12:34 p.m.•3 views

CVE-2023-45554

File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp...

9.8CVSS7.9AI score0.09534EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 12:34 p.m.•4 views

CVE-2023-45909

zzzcms v2.2.0 was discovered to contain an open redirect vulnerability...

6.1CVSS7.3AI score0.00066EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:53 a.m.•4 views

CVE-2022-23881

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution RCE vulnerability via dangerkey at zzztemplate.php...

9.8CVSS7.7AI score0.86657EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:31 a.m.•5 views

CVE-2019-16722

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an strireplace operation...

9.8CVSS7.2AI score0.03559EPSS

Exploits1References1

RedhatCVE•added 2026/01/07 9:30 a.m.•8 views

CVE-2019-16720

ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news=catchimage, as demonstrated by uploading a .htaccess or .php5 file...

7.5CVSS7AI score0.00282EPSS

Exploits1References1