Vulnerabilities > Zzcms > Zzcms > 2019
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-02 | CVE-2019-12351 | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 7.5 |
| 2021-12-13 | CVE-2020-19042 | Cross-site Scripting vulnerability in Zzcms 2019 Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php. | 4.3 |
| 2021-12-09 | CVE-2021-43703 | Unspecified vulnerability in Zzcms An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. | 7.5 |
| 2021-10-14 | CVE-2020-19957 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page. | 5.0 |
| 2021-10-14 | CVE-2020-19959 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie. | 5.0 |
| 2021-10-14 | CVE-2020-19960 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie. | 5.0 |
| 2021-10-14 | CVE-2020-19961 | SQL Injection vulnerability in Zzcms 2019 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. | 5.0 |
| 2021-05-24 | CVE-2019-12348 | SQL Injection vulnerability in Zzcms 2019 An issue was discovered in zzcms 2019. | 7.5 |
| 2020-12-18 | CVE-2020-20285 | Cross-site Scripting vulnerability in Zzcms 2019 There is a XSS in the user login page in zzcms 2019. | 3.5 |
| 2019-02-24 | CVE-2019-9078 | Cross-site Scripting vulnerability in Zzcms 2019 zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. | 3.5 |