Vulnerabilities > Zzcms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-09 | CVE-2021-40279 | SQL Injection vulnerability in Zzcms An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. | 7.2 |
| 2021-12-09 | CVE-2021-40280 | SQL Injection vulnerability in Zzcms An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. | 7.2 |
| 2021-10-14 | CVE-2020-19957 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page. | 7.5 |
| 2021-10-14 | CVE-2020-19959 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie. | 7.5 |
| 2021-10-14 | CVE-2020-19960 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie. | 7.5 |
| 2021-10-14 | CVE-2020-19961 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. | 7.5 |
| 2021-08-26 | CVE-2020-19822 | Code Injection vulnerability in Zzcms 2018 A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | 7.2 |
| 2021-05-13 | CVE-2020-21342 | Incorrect Default Permissions vulnerability in Zzcms 201910 Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. | 7.5 |
| 2021-01-11 | CVE-2020-23630 | SQL Injection vulnerability in Zzcms 201910 A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). | 8.8 |
| 2019-03-07 | CVE-2018-17416 | SQL Injection vulnerability in Zzcms 8.3 A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. | 7.2 |