Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ZzzcmsZzzphp1.7.2

3 matches found

cve
cveadded 2020/12/18 7:15 p.m.62 views

CVE-2020-20298

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.

9.8CVSS9.6AI score0.06441EPSS
cve
cveadded 2019/09/23 2:15 p.m.39 views

CVE-2019-16720

ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file.

7.5CVSS7.5AI score0.00282EPSS
cve
cveadded 2019/09/23 2:15 p.m.37 views

CVE-2019-16722

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation.

9.8CVSS9.5AI score0.03559EPSS