Vulnerabilities > Zzcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-30 | CVE-2018-17797 | Path Traversal vulnerability in Zzcms 8.3 An issue was discovered in zzcms 8.3. | 5.5 |
| 2018-09-17 | CVE-2018-17136 | SQL Injection vulnerability in Zzcms 8.3 zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header. | 7.5 |
| 2018-09-02 | CVE-2018-16344 | Path Traversal vulnerability in Zzcms 8.3 An issue was discovered in zzcms 8.3. | 6.4 |
| 2018-08-20 | CVE-2018-1000653 | SQL Injection vulnerability in Zzcms zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. | 7.5 |
| 2018-08-06 | CVE-2018-14963 | Cross-Site Request Forgery (CSRF) vulnerability in Zzcms 8.3. zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. | 6.8 |
| 2018-08-06 | CVE-2018-14962 | Cross-site Scripting vulnerability in Zzcms 8.3. zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. | 3.5 |
| 2018-08-06 | CVE-2018-14961 | SQL Injection vulnerability in Zzcms 8.3 dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. | 5.0 |
| 2018-07-03 | CVE-2018-13116 | SQL Injection vulnerability in Zzcms 8.3. /user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. | 7.5 |
| 2018-07-02 | CVE-2018-13056 | Improper Input Validation vulnerability in Zzcms 8.3 An issue was discovered on zzcms 8.3. | 6.4 |
| 2018-04-07 | CVE-2018-9331 | Path Traversal vulnerability in Zzcms 8.2 An issue was discovered in zzcms 8.2. | 7.5 |