Vulnerabilities > Zzcms > Zzcms > 2021

DATE CVE VULNERABILITY TITLE RISK
2024-11-12 CVE-2024-11130 Cross-site Scripting vulnerability in Zzcms
A vulnerability was found in ZZCMS up to 2023.
network
low complexity
zzcms CWE-79
4.8
2024-09-04 CVE-2024-44819 Cross-site Scripting vulnerability in Zzcms
Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a crafted script to the pagename parameter of the admin/del.php component.
network
low complexity
zzcms CWE-79
6.1
2024-09-04 CVE-2024-44820 Cross-site Scripting vulnerability in Zzcms
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5.1/upload/.
network
low complexity
zzcms CWE-79
6.1
2022-04-08 CVE-2021-46436 SQL Injection vulnerability in Zzcms 2021
An issue was discovered in ZZCMS 2021.
network
low complexity
zzcms CWE-89
7.2
2022-04-08 CVE-2021-46437 Cross-site Scripting vulnerability in Zzcms 2021
An issue was discovered in ZZCMS 2021.
network
low complexity
zzcms CWE-79
4.8
2022-02-09 CVE-2021-45286 Path Traversal vulnerability in Zzcms 2021
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.
network
low complexity
zzcms CWE-22
5.3
2021-12-15 CVE-2021-42945 SQL Injection vulnerability in Zzcms 2021
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
network
low complexity
zzcms CWE-89
critical
9.8
2021-12-09 CVE-2021-40281 SQL Injection vulnerability in Zzcms
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.
network
low complexity
zzcms CWE-89
8.8
2021-12-09 CVE-2021-40282 SQL Injection vulnerability in Zzcms
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php.
network
low complexity
zzcms CWE-89
8.8
2021-12-09 CVE-2021-40279 SQL Injection vulnerability in Zzcms
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.
network
low complexity
zzcms CWE-89
7.2