4 matches found
CVE-2022-28522
ZCMS v20170206 contains a stored XSS vulnerability in index.php?m=home&c=message&a=add. The root cause is a stored cross-site scripting flaw in the message add endpoint, allowing injection that can affect other users. According to the provided sources, the impact is C=L/I=L (partial integrity imp...
CVE-2022-28521
CVE-2022-28521 affects ZCMS v20170206 (thinkphp-zcms). The vulnerability is a file inclusion flaw in index.php?m=home&c=home&a=sp_set_config that can lead to arbitrary code execution. Several sources (NVD, CNVD/CNNVD, Red Hat, PRION) corroborate the file inclusion risk; exploitation status is not...
CVE-2015-7347
CVE-2015-7347 affects ZCMS 1.1 JavaServer Pages Content Management System. The connected sources confirm a cross-site scripting (XSS) vulnerability in ZCMS 1.1 (no detailed root cause in the provided docs). Public exploit references exist (Exploit-DB and PacketStorm) describing XSS and SQL Inject...
CVE-2015-7346
CVE-2015-7346 affects ZCMS 1.1 (Zeyuan Web Content Management System). The connected documents confirm a SQL injection vulnerability in ZCMS 1.1 that can bypass authentication to reach the admin area, caused by constructing queries via string concatenation (e.g., vulnerable login query). Public e...