RSS   Vulnerabilities for 'Zzcms'   RSS

2019-03-07
 
CVE-2018-17416

CWE-89
 

 
A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter.

 
 
CVE-2018-17415

CWE-89
 

 
zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter.

 
 
CVE-2018-17414

CWE-89
 

 
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.

 
 
CVE-2018-17413

CWE-79
 

 
XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.

 
 
CVE-2018-17412

CWE-89
 

 
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.

 
2019-02-24
 
CVE-2019-9078

CWE-79
 

 
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT.

 
2019-02-17
 
CVE-2019-8411

CWE-22
 

 
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal.

 
2018-10-29
 
CVE-2018-18792

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.

 
 
CVE-2018-18791

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.

 
 
CVE-2018-18790

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)

 


Copyright 2019, cxsecurity.com

 

Back to Top