5 matches found
CVE-2014-4194
ZeroCMS 1.0 is affected by an SQL injection in zero_transact_article.php via the article_id POST parameter in the Submit Comment action. The vulnerability arises from unsanitized input, enabling remote attackers to execute arbitrary SQL commands and potentially access or manipulate the database. ...
CVE-2014-4710
CVE-2014-4710 affects ZeroCMS 1.0. The vulnerability is a stored XSS in the ZeroCMS component referenced as zero_user_account.php, where the Full Name field can be submitted unsafely. The root cause, as described in the source material, is that user input is unsanitized and saved in the backend d...
CVE-2014-4034
CVE-2014-4034 concerns ZeroCMS 1.0, where a SQL injection flaw exists in zero_view_article.php via the article_id parameter. The vulnerability allows remote attackers to manipulate SQL queries and potentially access or alter data in the backend. The issue is documented with a base CVSS v2 score o...
CVE-2015-1442
CVE-2015-1442 describes a SQL injection in ZeroCMS. Affected: ZeroCMS versions 1.3.3, 1.3.2 and earlier. Vulnerability located in views/zero_transact_user.php (administrative backend) where the user_id parameter in a Modify Account action can be exploited by remote authenticated users to execute ...
CVE-2014-4195
CVE-2014-4195 describes an XSS vulnerability in ZeroCMS 1.0, where the parameter article_id in zero_view_article.php can be exploited to inject arbitrary web script or HTML. The entry (NVD, CVSS v2 base score 4.3, Medium) indicates the issue is exploitable via network with no authentication, with...