Vulnerabilities > Zzzcms > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-45555 Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms 2.1.9
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file.
local
low complexity
zzzcms CWE-434
7.8
7.8
2023-09-29 CVE-2023-5263 Permission Issues vulnerability in Zzzcms 2.1.7
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical.
network
low complexity
zzzcms CWE-275
8.8
8.8
2021-05-11 CVE-2021-32605 OS Command Injection vulnerability in Zzzcms Zzzphp
zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block.
network
low complexity
zzzcms CWE-78
7.5
7.5
2021-03-15 CVE-2020-24877 SQL Injection vulnerability in Zzzcms Zzzphp 1.8.0
A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
network
low complexity
zzzcms CWE-89
7.5
7.5
2021-02-05 CVE-2020-18717 SQL Injection vulnerability in Zzzcms Zzzphp 1.7.1
SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php.
network
low complexity
zzzcms CWE-89
7.5
7.5
2020-12-18 CVE-2020-20298 Unspecified vulnerability in Zzzcms Zzzphp 1.7.2
Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.
network
low complexity
zzzcms
7.5
7.5
2019-10-14 CVE-2019-17408 Improper Input Validation vulnerability in Zzzcms Zzzphp 1.7.3
parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr.
network
low complexity
zzzcms CWE-20
7.5
7.5
2019-09-23 CVE-2019-16722 Improper Input Validation vulnerability in Zzzcms Zzzphp 1.7.2
ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation.
network
low complexity
zzzcms CWE-20
7.5
7.5
2019-03-30 CVE-2019-10647 Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms Zzzphp 1.6.3
ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions.
network
low complexity
zzzcms CWE-434
7.5
7.5