Vulnerabilities > Zzzcms > Zzzphp > 1.6.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2021-32605 | OS Command Injection vulnerability in Zzzcms Zzzphp zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | 9.8 |
| 2019-02-26 | CVE-2019-9182 | Cross-Site Request Forgery (CSRF) vulnerability in Zzzcms Zzzphp 1.6.1 There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. | 8.8 |
| 2019-02-24 | CVE-2019-9082 | Missing Authentication for Critical Function vulnerability in multiple products ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | 8.8 |
| 2019-02-23 | CVE-2019-9041 | Expression Language Injection vulnerability in Zzzcms Zzzphp 1.6.1 An issue was discovered in ZZZCMS zzzphp V1.6.1. | 7.2 |