Search: ZzzcmsZzzphp

14 matches found

added 2019/02/24 6:00 p.m. · 1288 views

CVE-2019-9082

ThinkPHP CVE-2019-9082 affects ThinkPHP before 3.2.4 (used in Open Source BMS v1.1.1). The vulnerability allows Remote Command Execution via a crafted request to public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]=..., enabling an attacker to run comm...

CVSS 9.3 · AI score 8.7 · EPSS 0.97419
Tags: In wild, Web
added 2022/03/23 8:09 p.m. · 129 views

CVE-2022-23881

ZZZCMS zzzphp 2.1.0 is affected by a remote code execution (RCE) vulnerability via danger_key() in zzz_template.php. Root cause: improper handling in danger_key() allows arbitrary code execution. Impact: attacker can execute code on affected systems (high/critical impact per sources). Exploitatio...

CVSS 9.8 · AI score 9.7 · EPSS 0.56509
added 2019/02/23 6:00 p.m. · 119 views

CVE-2019-9041

ZZZCMS 1.6.1 is vulnerable to remote code execution via inc/zzz_template.php: parserIfLabel() filtering is not strict, allowing injection of PHP code (example: {if:assert($_POST[x])} and similar). This can enable arbitrary code execution on affected systems, with CVSS3.0 vector CVSS:3.0/AV:N/AC:L...

CVSS 7.2 · AI score 7.1 · EPSS 0.31421
Tags: Web
added 2021/05/11 10:25 p.m. · 93 views

CVE-2021-32605

The CVE-2021-32605 entry concerns zzzcms/zzzphp before 2.0.4, where the parserIfLabel template processing fails to validate user-provided keys in the ?location=search flow, enabling remote code execution. The vulnerability allows an attacker to run arbitrary OS commands or code via a crafted keys...

CVSS 9.8 · AI score 9.8 · EPSS 0.03794
Tags: Web
added 2020/12/18 7:00 p.m. · 75 views

CVE-2020-20298

CVE-2020-20298 affects zzzphp 1.7.2, specifically the zzz_template.php file within the ParserTemplate class. The vulnerability is described as an eval injection in the parserCommom method, enabling remote attackers to execute arbitrary commands. The connected documents provide this exact descript...

CVSS 9.8 · AI score 9.6 · EPSS 0.02652
added 2019/03/30 12:30 p.m. · 65 views

CVE-2019-10647

Affected software: ZZZCMS zzzphp v1.6.3. Vulnerability: Remote code execution via a crafted URL in plugins/ueditor/php/controller.php?action=catchimage, due to lack of restrictions in inc/zzz_file.php. Example payloads can cause the server to process PHP code as text. Impact: Attacker can exec...

CVSS 9.8 · AI score 9.5 · EPSS 0.06589
Tags: Web
added 2023/10/18 12:00 a.m. · 61 views

CVE-2023-45909

CVE-2023-45909 pertains to zzzcms v2.2.0, where an open redirect vulnerability has been identified. Multiple connected documents confirm the affected software and describe the vulnerability as an open redirect, stemming from zzzcms v2.2.0. There is no explicit remediation or patched version detai...

CVSS 6.1 · AI score 6.3 · EPSS 0.0028
added 2019/10/14 11:43 a.m. · 58 views

CVE-2019-17408

Affected software: ZZZCMS zzzphp 1.7.3. The issue is in parserIfLabel within inc/zzz_template.php, where the danger_key function can be bypassed (e.g., via strtr), enabling remote attackers to execute arbitrary code. This is the explicit root cause and consequence stated across multiple sources. ...

CVSS 9.8 · AI score 9.6 · EPSS 0.03691
added 2019/09/23 1:35 p.m. · 52 views

CVE-2019-16720

CVE-2019-16720 affects ZZZCMS zzzphp v1.7.2, where the upload restriction in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage is insufficient, allowing uploading a .htaccess or .php5 file. The Red Hat and NVD entries confirm the same description. No exploit details, affected ver...

CVSS 7.5 · AI score 7.5 · EPSS 0.01436
Tags: Web
added 2019/09/23 1:35 p.m. · 50 views

CVE-2019-16722

CVE-2019-16722 affects ZZZCMS zzzphp v1.7.2. The vulnerability arises from an insufficient protection mechanism against PHP Code Execution, where a passthru call bypasses a str_ireplace operation. The connected documents consistently describe this flaw across sources (Red Hat, NVD, CVE registries...

CVSS 9.8 · AI score 9.5 · EPSS 0.03116
added 2019/02/26 7:00 a.m. · 45 views

CVE-2019-9182

CVE-2019-9182 affects ZZZCMS zzzphp v1.6.1. A CSRF flaw in /admin015/save.php?act=editfile enables PHP code injection by supplying a filename in the file parameter and content in the filetext parameter, leading to potential code execution on the server. Exploitation details are described in the C...

CVSS 8.8 · AI score 8.8 · EPSS 0.00787
Tags: Web
added 2021/02/04 11:25 p.m. · 42 views

CVE-2020-18717

The CVE-2020-18717 entry concerns ZZZCMS zzzphp 1.7.1, where a SQL injection due to lack of parameter filtering in inc/zzz_template.php allows remote code execution. Public sources classify the impact as high/critical (NVD CVSS v3.1: 9.8; v2: 7.5). The affected component is the zzz_template.php p...

CVSS 9.8 · AI score 9.8 · EPSS 0.03589
added 2021/03/15 4:41 p.m. · 42 views

CVE-2020-24877

CVE-2020-24877 describes a SQL injection in zzzphp v1.8.0 via /form/index.php?module=getjson, causing an access restriction bypass. Multiple connected sources confirm the vulnerable component and the root cause: insufficient validation/escaping of external input in SQL statements. Reported impact...

CVSS 9.8 · AI score 9.6 · EPSS 0.02052
Tags: Web
added 2018/12/13 8:00 a.m. · 38 views

CVE-2018-20127

zzzphp cms 1.5.8 contains a flaw in the del_file function of /admin/save.php that permits remote deletion of arbitrary files via a mixed-case extension and an extra '.' character (e.g., path=F:/1.phP.). Root cause: improper validation of file extensions and path syntax leads to arbitrary file del...

CVSS 7.5 · AI score 7.5 · EPSS 0.01388
Tags: Web