Vulnerabilities > Zzcms > Zzcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-07-23 | CVE-2019-1010149 | Improper Input Validation vulnerability in Zzcms zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. | 7.5 |
| 2019-07-23 | CVE-2019-1010148 | SQL Injection vulnerability in Zzcms zzcms version 8.3 and earlier is affected by: SQL Injection. | 7.5 |
| 2019-03-07 | CVE-2018-17416 | SQL Injection vulnerability in Zzcms 8.3 A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. | 6.5 |
| 2019-03-07 | CVE-2018-17415 | SQL Injection vulnerability in Zzcms 8.3 zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. | 6.5 |
| 2019-03-07 | CVE-2018-17414 | SQL Injection vulnerability in Zzcms 8.3 zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. | 6.5 |
| 2019-03-07 | CVE-2018-17413 | Cross-site Scripting vulnerability in Zzcms 8.3 XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. | 4.3 |
| 2019-03-07 | CVE-2018-17412 | SQL Injection vulnerability in Zzcms 8.3 zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. | 7.5 |
| 2019-02-24 | CVE-2019-9078 | Cross-site Scripting vulnerability in Zzcms 2019 zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. | 3.5 |
| 2019-02-17 | CVE-2019-8411 | Path Traversal vulnerability in Zzcms 2018 admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. | 6.4 |
| 2018-10-29 | CVE-2018-18792 | SQL Injection vulnerability in Zzcms 8.3 An issue was discovered in zzcms 8.3. | 7.5 |