Lucene search
K
Aas9Zerocms

5 matches found

CVE
CVE
added 2014/07/09 2:0 p.m.62 views

CVE-2014-4194

ZeroCMS 1.0 is affected by an SQL injection in zero_transact_article.php via the article_id POST parameter in the Submit Comment action. The vulnerability arises from unsanitized input, enabling remote attackers to execute arbitrary SQL commands and potentially access or manipulate the database. ...

7.5CVSS8.4AI score0.01241EPSS
CVE
CVE
added 2014/07/29 2:0 p.m.59 views

CVE-2014-4710

CVE-2014-4710 affects ZeroCMS 1.0. The vulnerability is a stored XSS in the ZeroCMS component referenced as zero_user_account.php, where the Full Name field can be submitted unsafely. The root cause, as described in the source material, is that user input is unsanitized and saved in the backend d...

4.3CVSS5.7AI score0.03217EPSS
Web
CVE
CVE
added 2014/06/11 2:0 p.m.54 views

CVE-2014-4034

CVE-2014-4034 concerns ZeroCMS 1.0, where a SQL injection flaw exists in zero_view_article.php via the article_id parameter. The vulnerability allows remote attackers to manipulate SQL queries and potentially access or alter data in the backend. The issue is documented with a base CVSS v2 score o...

7.5CVSS8.5AI score0.0625EPSS
Web
CVE
CVE
added 2015/02/06 3:0 p.m.53 views

CVE-2015-1442

CVE-2015-1442 describes a SQL injection in ZeroCMS. Affected: ZeroCMS versions 1.3.3, 1.3.2 and earlier. Vulnerability located in views/zero_transact_user.php (administrative backend) where the user_id parameter in a Modify Account action can be exploited by remote authenticated users to execute ...

7.5CVSS8AI score0.02368EPSS
Web
CVE
CVE
added 2014/07/03 2:0 p.m.49 views

CVE-2014-4195

CVE-2014-4195 describes an XSS vulnerability in ZeroCMS 1.0, where the parameter article_id in zero_view_article.php can be exploited to inject arbitrary web script or HTML. The entry (NVD, CVSS v2 base score 4.3, Medium) indicates the issue is exploitable via network with no authentication, with...

4.3CVSS5.9AI score0.01427EPSS