Vulnerabilities > Zzcms

DATE	CVE	VULNERABILITY TITLE	RISK
2024-08-19	CVE-2024-7925	Unspecified vulnerability in Zzcms 2023 A vulnerability was found in ZZCMS 2023. network low complexity zzcms	7.5
2023-12-29	CVE-2023-50104	Unrestricted Upload of File with Dangerous Type vulnerability in Zzcms 2023 ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. network low complexity zzcms CWE-434 critical	9.8
2023-09-15	CVE-2023-42398	Server-Side Request Forgery (SSRF) vulnerability in Zzcms 2023 An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. network low complexity zzcms CWE-918 critical	9.8
2023-07-03	CVE-2023-36162	Cross-Site Request Forgery (CSRF) vulnerability in Zzcms 2023 Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php. network low complexity zzcms CWE-352	8.8
2022-12-07	CVE-2022-44361	Cross-site Scripting vulnerability in Zzcms 2022 An issue was discovered in ZZCMS 2022. network low complexity zzcms CWE-79	5.4
2022-09-22	CVE-2022-40443	Path Traversal vulnerability in Zzcms 2022 An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php. network low complexity zzcms CWE-22	5.3
2022-09-22	CVE-2022-40444	Path Traversal vulnerability in Zzcms 2022 ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. network low complexity zzcms CWE-22	5.3
2022-09-22	CVE-2022-40446	SQL Injection vulnerability in Zzcms 2022 ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=. network low complexity zzcms CWE-89	7.2
2022-09-22	CVE-2022-40447	SQL Injection vulnerability in Zzcms 2022 ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php. network low complexity zzcms CWE-89	7.2
2022-06-17	CVE-2019-12352	SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. network low complexity zzcms CWE-89	8.8

Vulnerabilities > Zzcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Zzcms"}]}

Vulnerabilities > Zzcms