Vulnerabilities > Zzzcms > Zzzcms

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-45554 Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms 2.1.9
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp.
network
low complexity
zzzcms CWE-434
critical
 9.8
9.8
2023-10-25 CVE-2023-45555 Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms 2.1.9
File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file.
local
low complexity
zzzcms CWE-434
7.8
7.8
2023-10-14 CVE-2023-5582 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Zzzcms 2.2.0
A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0.
network
low complexity
zzzcms CWE-80
5.4
5.4
2023-09-29 CVE-2023-5263 Permission Issues vulnerability in Zzzcms 2.1.7
A vulnerability was found in ZZZCMS 2.1.7 and classified as critical.
network
low complexity
zzzcms CWE-275
8.8
8.8
2021-12-09 CVE-2020-19682 Cross-Site Request Forgery (CSRF) vulnerability in Zzzcms 1.7.1
A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php.
network
zzzcms CWE-352
6.8
6.8
2021-12-09 CVE-2020-19683 Cross-site Scripting vulnerability in Zzzcms 1.7.1
A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php.
network
zzzcms CWE-79
3.5
3.5