Zzcms@2019 Security Vulnerabilities and Issues — Zzcms@2019 CVE List

Lucene search

ZzcmsZzcms2019

19 matches found

CVE•added 2022/06/17 1:15 p.m.•54 views

CVE-2019-12359

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter.

7.2CVSS7.2AI score0.00242EPSS

CVE•added 2022/06/17 1:15 p.m.•50 views

CVE-2019-12357

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter.

7.2CVSS7.2AI score0.00242EPSS

CVE•added 2022/06/17 1:15 p.m.•47 views

CVE-2019-12354

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter.

7.2CVSS7.2AI score0.00242EPSS

CVE•added 2022/06/02 2:15 p.m.•45 views

CVE-2019-12349

An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter.

9.8CVSS9.8AI score0.00355EPSS

CVE•added 2022/06/17 1:15 p.m.•45 views

CVE-2019-12352

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie.

8.8CVSS8.9AI score0.00265EPSS

CVE•added 2022/06/17 1:15 p.m.•43 views

CVE-2019-12358

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie.

8.8CVSS8.9AI score0.00265EPSS

CVE•added 2022/06/17 1:15 p.m.•41 views

CVE-2019-12353

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter.

7.2CVSS7.2AI score0.00242EPSS

CVE•added 2021/12/13 9:15 p.m.•41 views

CVE-2020-19042

Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php.

6.1CVSS5.7AI score0.00293EPSS

CVE•added 2020/12/18 7:15 p.m.•40 views

CVE-2020-20285

There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php

5.4CVSS5.3AI score0.06066EPSS

CVE•added 2021/05/24 4:15 p.m.•39 views

CVE-2019-12348

An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.

9.8CVSS9.9AI score0.00402EPSS

CVE•added 2022/06/17 1:15 p.m.•39 views

CVE-2019-12355

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter.

8.8CVSS8.9AI score0.00265EPSS

CVE•added 2021/10/14 3:15 p.m.•39 views

CVE-2020-19960

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.

7.5CVSS7.8AI score0.00403EPSS

CVE•added 2022/06/17 1:15 p.m.•38 views

CVE-2019-12356

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter.

8.8CVSS8.9AI score0.00274EPSS

CVE•added 2022/06/02 2:15 p.m.•37 views

CVE-2019-12350

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.

9.8CVSS9.8AI score0.00388EPSS

CVE•added 2022/06/02 2:15 p.m.•35 views

CVE-2019-12351

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.

9.8CVSS9.8AI score0.00388EPSS

CVE•added 2019/02/24 5:29 p.m.•35 views

CVE-2019-9078

zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.

5.4CVSS5.3AI score0.00206EPSS

CVE•added 2021/10/14 3:15 p.m.•32 views

CVE-2020-19959

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.

7.5CVSS7.8AI score0.00403EPSS

CVE•added 2021/10/14 3:15 p.m.•32 views

CVE-2020-19961

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.

7.5CVSS7.7AI score0.00788EPSS

CVE•added 2021/10/14 3:15 p.m.•30 views

CVE-2020-19957

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.

7.5CVSS7.7AI score0.00403EPSS