Vulnerabilities > Zzzcms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-25 | CVE-2023-45555 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms 2.1.9 File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. | 7.8 |
| 2023-09-29 | CVE-2023-5263 | Unspecified vulnerability in Zzzcms 2.1.7 A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. | 8.8 |
| 2021-12-09 | CVE-2020-19682 | Cross-Site Request Forgery (CSRF) vulnerability in Zzzcms 1.7.1 A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php. | 8.8 |
| 2019-09-23 | CVE-2019-16720 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms Zzzphp 1.7.2 ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | 7.5 |
| 2019-02-26 | CVE-2019-9182 | Cross-Site Request Forgery (CSRF) vulnerability in Zzzcms Zzzphp 1.6.1 There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. | 8.8 |
| 2019-02-24 | CVE-2019-9082 | Missing Authentication for Critical Function vulnerability in multiple products ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | 8.8 |
| 2019-02-23 | CVE-2019-9041 | Expression Language Injection vulnerability in Zzzcms Zzzphp 1.6.1 An issue was discovered in ZZZCMS zzzphp V1.6.1. | 7.2 |
| 2018-12-13 | CVE-2018-20127 | Improper Input Validation vulnerability in Zzzcms Zzzphp 1.5.8 An issue was discovered in zzzphp cms 1.5.8. | 7.5 |