Lucene search
K
Zcms ProjectZcms

4 matches found

CVE
CVE
added 2022/04/26 8:29 p.m.75 views

CVE-2022-28522

ZCMS v20170206 contains a stored XSS vulnerability in index.php?m=home&c=message&a=add. The root cause is a stored cross-site scripting flaw in the message add endpoint, allowing injection that can affect other users. According to the provided sources, the impact is C=L/I=L (partial integrity imp...

5.4CVSS5.3AI score0.00582EPSS
CVE
CVE
added 2022/04/26 8:29 p.m.74 views

CVE-2022-28521

CVE-2022-28521 affects ZCMS v20170206 (thinkphp-zcms). The vulnerability is a file inclusion flaw in index.php?m=home&c=home&a=sp_set_config that can lead to arbitrary code execution. Several sources (NVD, CNVD/CNNVD, Red Hat, PRION) corroborate the file inclusion risk; exploitation status is not...

9.8CVSS9.4AI score0.01548EPSS
CVE
CVE
added 2017/09/20 6:0 p.m.48 views

CVE-2015-7347

CVE-2015-7347 affects ZCMS 1.1 JavaServer Pages Content Management System. The connected sources confirm a cross-site scripting (XSS) vulnerability in ZCMS 1.1 (no detailed root cause in the provided docs). Public exploit references exist (Exploit-DB and PacketStorm) describing XSS and SQL Inject...

4.8CVSS6.5AI score0.01107EPSS
CVE
CVE
added 2017/06/07 9:0 p.m.46 views

CVE-2015-7346

CVE-2015-7346 affects ZCMS 1.1 (Zeyuan Web Content Management System). The connected documents confirm a SQL injection vulnerability in ZCMS 1.1 that can bypass authentication to reach the admin area, caused by constructing queries via string concatenation (e.g., vulnerable login query). Public e...

9.8CVSS9.8AI score0.037EPSS