Vulnerabilities > Zzzcms > Zzzphp > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-11 | CVE-2021-32605 | OS Command Injection vulnerability in Zzzcms Zzzphp zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. | 7.5 |
| 2021-03-15 | CVE-2020-24877 | SQL Injection vulnerability in Zzzcms Zzzphp 1.8.0 A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass. | 7.5 |
| 2021-02-05 | CVE-2020-18717 | SQL Injection vulnerability in Zzzcms Zzzphp 1.7.1 SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in inc/zzz_template.php. | 7.5 |
| 2020-12-18 | CVE-2020-20298 | Unspecified vulnerability in Zzzcms Zzzphp 1.7.2 Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. | 7.5 |
| 2019-10-14 | CVE-2019-17408 | Improper Input Validation vulnerability in Zzzcms Zzzphp 1.7.3 parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. | 7.5 |
| 2019-09-23 | CVE-2019-16722 | Improper Input Validation vulnerability in Zzzcms Zzzphp 1.7.2 ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. | 7.5 |
| 2019-03-30 | CVE-2019-10647 | Unrestricted Upload of File with Dangerous Type vulnerability in Zzzcms Zzzphp 1.6.3 ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of inc/zzz_file.php restrictions. | 7.5 |