Vulnerabilities > Zzcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-14 | CVE-2020-19959 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie. | 5.0 |
| 2021-10-14 | CVE-2020-19960 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie. | 5.0 |
| 2021-10-14 | CVE-2020-19961 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. | 5.0 |
| 2021-05-13 | CVE-2020-21342 | Incorrect Default Permissions vulnerability in Zzcms 201910 Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. | 5.0 |
| 2021-01-11 | CVE-2020-23630 | SQL Injection vulnerability in Zzcms 201910 A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). | 6.5 |
| 2019-03-07 | CVE-2018-17416 | SQL Injection vulnerability in Zzcms 8.3 A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. | 6.5 |
| 2019-03-07 | CVE-2018-17415 | SQL Injection vulnerability in Zzcms 8.3 zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. | 6.5 |
| 2019-03-07 | CVE-2018-17414 | SQL Injection vulnerability in Zzcms 8.3 zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. | 6.5 |
| 2019-03-07 | CVE-2018-17413 | Cross-site Scripting vulnerability in Zzcms 8.3 XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. | 4.3 |
| 2019-02-17 | CVE-2019-8411 | Path Traversal vulnerability in Zzcms 2018 admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. | 6.4 |