Vulnerabilities > Zzcms

DATE CVE VULNERABILITY TITLE RISK
2019-03-07 CVE-2018-17414 SQL Injection vulnerability in Zzcms 8.3
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.
network
low complexity
zzcms CWE-89
8.8
8.8
2019-03-07 CVE-2018-17413 Cross-site Scripting vulnerability in Zzcms 8.3
XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.
network
low complexity
zzcms CWE-79
6.1
6.1
2019-03-07 CVE-2018-17412 SQL Injection vulnerability in Zzcms 8.3
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.
network
low complexity
zzcms CWE-89
critical
 9.8
9.8
2019-02-24 CVE-2019-9078 Cross-site Scripting vulnerability in Zzcms 2019
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.
network
low complexity
zzcms CWE-79
5.4
5.4
2019-02-17 CVE-2019-8411 Path Traversal vulnerability in Zzcms 2018
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.
network
low complexity
zzcms CWE-22
7.5
7.5
2018-10-29 CVE-2018-18792 SQL Injection vulnerability in Zzcms 8.3
An issue was discovered in zzcms 8.3.
network
low complexity
zzcms CWE-89
critical
 9.8
9.8
2018-10-29 CVE-2018-18791 SQL Injection vulnerability in Zzcms 8.3
An issue was discovered in zzcms 8.3.
network
low complexity
zzcms CWE-89
critical
 9.8
9.8
2018-10-29 CVE-2018-18790 SQL Injection vulnerability in Zzcms 8.3
An issue was discovered in zzcms 8.3.
network
low complexity
zzcms CWE-89
7.2
7.2
2018-10-29 CVE-2018-18789 SQL Injection vulnerability in Zzcms 8.3
An issue was discovered in zzcms 8.3.
network
low complexity
zzcms CWE-89
critical
 9.8
9.8
2018-10-29 CVE-2018-18788 SQL Injection vulnerability in Zzcms 8.3
An issue was discovered in zzcms 8.3.
network
low complexity
zzcms CWE-89
7.2
7.2