Vulnerabilities > Zzzcms

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-45554 Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms 2.1.9
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp.
network
low complexity
zzzcms CWE-434
critical
9.8
2023-10-25 CVE-2023-45555 Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms 2.1.9
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file.
local
low complexity
zzzcms CWE-434
7.8
2023-10-18 CVE-2023-45909 Open Redirect vulnerability in Zzzcms Zzzphp 2.2.0
zzzcms v2.2.0 was discovered to contain an open redirect vulnerability.
network
low complexity
zzzcms CWE-601
6.1
2023-10-14 CVE-2023-5582 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Zzzcms 2.2.0
A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0.
network
low complexity
zzzcms CWE-80
5.4
2023-09-29 CVE-2023-5263 Permission Issues vulnerability in Zzzcms 2.1.7
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical.
network
low complexity
zzzcms CWE-275
8.8
2022-03-23 CVE-2022-23881 Unspecified vulnerability in Zzzcms Zzzphp 2.1.0
ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php.
network
low complexity
zzzcms
critical
9.8
2021-12-09 CVE-2020-19682 Cross-Site Request Forgery (CSRF) vulnerability in Zzzcms 1.7.1
A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php.
network
low complexity
zzzcms CWE-352
8.8
2021-12-09 CVE-2020-19683 Cross-site Scripting vulnerability in Zzzcms 1.7.1
A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php.
network
low complexity
zzzcms CWE-79
5.4
2021-05-11 CVE-2021-32605 OS Command Injection vulnerability in Zzzcms Zzzphp
zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block.
network
low complexity
zzzcms CWE-78
critical
9.8
2021-03-15 CVE-2020-24877 SQL Injection vulnerability in Zzzcms Zzzphp 1.8.0
A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
network
low complexity
zzzcms CWE-89
critical
9.8