Vulnerabilities > Zzcms

DATE CVE VULNERABILITY TITLE RISK
2022-04-08 CVE-2021-46436 SQL Injection vulnerability in Zzcms 2021
An issue was discovered in ZZCMS 2021.
network
zzcms CWE-89
6.8
2022-04-08 CVE-2021-46437 Cross-site Scripting vulnerability in Zzcms 2021
An issue was discovered in ZZCMS 2021.
network
zzcms CWE-79
3.5
2022-02-14 CVE-2021-45347 Improper Authentication vulnerability in Zzcms 8.2
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
network
low complexity
zzcms CWE-287
5.0
2022-02-09 CVE-2021-45286 Path Traversal vulnerability in Zzcms 2021
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.
network
low complexity
zzcms CWE-22
5.0
2021-12-15 CVE-2021-42945 SQL Injection vulnerability in Zzcms 2021
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
network
low complexity
zzcms CWE-89
7.5
2021-12-13 CVE-2020-19042 Cross-site Scripting vulnerability in Zzcms 2019
Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php.
network
zzcms CWE-79
4.3
2021-12-09 CVE-2021-40281 SQL Injection vulnerability in Zzcms
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.
network
low complexity
zzcms CWE-89
6.5
2021-12-09 CVE-2021-40282 SQL Injection vulnerability in Zzcms
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php.
network
low complexity
zzcms CWE-89
6.5
2021-12-09 CVE-2021-43703 Incorrect Authorization vulnerability in Zzcms
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php.
network
low complexity
zzcms CWE-863
7.5
2021-12-09 CVE-2021-40279 SQL Injection vulnerability in Zzcms
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.
network
low complexity
zzcms CWE-89
6.5