11 matches found
CVE-2023-45554
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp...
EUVD-2019-7809
Malware in sbrugna...
EUVD-2023-57587
Malicious code in bioql PyPI...
CVE-2023-5263
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...
CVE-2023-45555
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the downurl function in zzz.php file...
CVE-2019-10647
ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source parameter because of a lack of inc/zzzfile.php restrictions. For example, source%5B%5D=http%3A%2F%2F192.168.0.1%2Ftest.php can be used if th...
PT-2023-29762 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: zzzcms version 2.2.0 Description: The issue is related to an open redirect vulnerability. Recommendations: For zzzcms version 2.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability...
CVE-2023-5263 ZZZCMS Database Backup File save.php restore permission
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been...
Zzzcms Operating System Command Injection Vulnerability
ZZZCMS zzzphp is a content management system (CMS). A security vulnerability exists in Zzzcms prior to version 2.0.4. The vulnerability stems from the failure of a network system or product to properly filter special characters, commands, etc. during the execution of user input construction command...
CVE-2019-9041
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzztemplate.php file, the parserIfLabel function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring...
Stored XSS Vulnerability in zzzcms
zzcms is a free website builder developed in the ASP language. There is a stored XSS vulnerability in zzzcms. The vulnerability occurs because zzzcms does not add a filtering mechanism when obtaining the IP address; an attacker can exploit the vulnerability to construct cross-site statements and obtain sensitive...