Vulnerabilities > Zzzcms
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-45554 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms 2.1.9 File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. | 9.8 |
| 2023-10-25 | CVE-2023-45555 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms 2.1.9 File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. | 7.8 |
| 2023-10-18 | CVE-2023-45909 | Open Redirect vulnerability in Zzzcms Zzzphp 2.2.0 zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. | 6.1 |
| 2023-10-14 | CVE-2023-5582 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Zzzcms 2.2.0 A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. | 5.4 |
| 2023-09-29 | CVE-2023-5263 | Permission Issues vulnerability in Zzzcms 2.1.7 A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. | 8.8 |
| 2022-03-23 | CVE-2022-23881 | Unspecified vulnerability in Zzzcms Zzzphp 2.1.0 ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. | 9.8 |
| 2021-12-09 | CVE-2020-19682 | Cross-Site Request Forgery (CSRF) vulnerability in Zzzcms 1.7.1 A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php. | 8.8 |
| 2021-12-09 | CVE-2020-19683 | Cross-site Scripting vulnerability in Zzzcms 1.7.1 A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php. | 5.4 |
| 2021-05-11 | CVE-2021-32605 | OS Command Injection vulnerability in Zzzcms Zzzphp zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | 9.8 |
| 2021-03-15 | CVE-2020-24877 | SQL Injection vulnerability in Zzzcms Zzzphp 1.8.0 A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass. | 9.8 |