Vulnerabilities > Zbzcms > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-04-10 CVE-2022-27126 SQL Injection vulnerability in Zbzcms 1.0
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.
network
low complexity
zbzcms CWE-89
critical
 9.8
9.8
2022-04-10 CVE-2022-27128 Unspecified vulnerability in Zbzcms 1.0
An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.
network
low complexity
zbzcms
critical
 9.8
9.8
2022-04-10 CVE-2022-27129 Unrestricted Upload of File with Dangerous Type vulnerability in Zbzcms 1.0
An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
zbzcms CWE-434
critical
 9.8
9.8
2022-04-10 CVE-2022-27131 Unrestricted Upload of File with Dangerous Type vulnerability in Zbzcms 1.0
An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.
network
low complexity
zbzcms CWE-434
critical
 9.8
9.8
2022-04-10 CVE-2022-27133 Unspecified vulnerability in Zbzcms 1.0
zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.
network
low complexity
zbzcms
critical
 9.1
9.1