RSS   Vulnerabilities for 'Zzcms'   RSS

2018-10-29
 
CVE-2018-18792

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.

 
 
CVE-2018-18791

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.

 
 
CVE-2018-18790

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)

 
 
CVE-2018-18789

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.

 
 
CVE-2018-18788

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)

 
 
CVE-2018-18787

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.

 
 
CVE-2018-18786

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.

 
 
CVE-2018-18785

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.

 
 
CVE-2018-18784

CWE-89
 

 
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)

 
2018-09-30
 
CVE-2018-17798

CWE-284
 

 
An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

 


Copyright 2019, cxsecurity.com

 

Back to Top