Vulnerabilities > Zzcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-13 | CVE-2020-19042 | Cross-site Scripting vulnerability in Zzcms 2019 Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php. | 4.3 |
| 2021-12-09 | CVE-2021-40281 | SQL Injection vulnerability in Zzcms An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | 6.5 |
| 2021-12-09 | CVE-2021-40282 | SQL Injection vulnerability in Zzcms An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. | 6.5 |
| 2021-12-09 | CVE-2021-43703 | Unspecified vulnerability in Zzcms An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. | 7.5 |
| 2021-12-09 | CVE-2021-40279 | SQL Injection vulnerability in Zzcms An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. | 6.5 |
| 2021-12-09 | CVE-2021-40280 | SQL Injection vulnerability in Zzcms An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. | 6.5 |
| 2021-10-14 | CVE-2020-19957 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page. | 5.0 |
| 2021-10-14 | CVE-2020-19959 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie. | 5.0 |
| 2021-10-14 | CVE-2020-19960 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie. | 5.0 |
| 2021-10-14 | CVE-2020-19961 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. | 5.0 |