Vulnerabilities > Zzcms > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-29 | CVE-2018-18790 | SQL Injection vulnerability in Zzcms 8.3 An issue was discovered in zzcms 8.3. | 6.5 |
| 2018-10-29 | CVE-2018-18788 | SQL Injection vulnerability in Zzcms 8.3 An issue was discovered in zzcms 8.3. | 6.5 |
| 2018-10-29 | CVE-2018-18784 | SQL Injection vulnerability in Zzcms 8.3 An issue was discovered in zzcms 8.3. | 6.5 |
| 2018-09-30 | CVE-2018-17798 | Path Traversal vulnerability in Zzcms 8.3 An issue was discovered in zzcms 8.3. | 5.5 |
| 2018-09-30 | CVE-2018-17797 | Path Traversal vulnerability in Zzcms 8.3 An issue was discovered in zzcms 8.3. | 5.5 |
| 2018-09-02 | CVE-2018-16344 | Path Traversal vulnerability in Zzcms 8.3 An issue was discovered in zzcms 8.3. | 6.4 |
| 2018-08-06 | CVE-2018-14963 | Cross-Site Request Forgery (CSRF) vulnerability in Zzcms 8.3. zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. | 6.8 |
| 2018-08-06 | CVE-2018-14961 | SQL Injection vulnerability in Zzcms 8.3 dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. | 5.0 |
| 2018-07-02 | CVE-2018-13056 | Improper Input Validation vulnerability in Zzcms 8.3 An issue was discovered on zzcms 8.3. | 6.4 |
| 2018-02-24 | CVE-2018-7434 | Path Traversal vulnerability in Zzcms 8.2 zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php. | 5.3 |