RSS   Vulnerabilities for 'Zzcms'   RSS

2022-06-02
 
CVE-2019-12349

CWE-89
 
 
An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter.

 
 
CVE-2019-12350

CWE-89
 
 
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.

 
 
CVE-2019-12351

CWE-89
 
 
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.

 
2022-04-08
 
CVE-2021-46436

CWE-89
 
 
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.

 
 
CVE-2021-46437

CWE-79
 
 
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.

 
2022-02-09
 
CVE-2021-45286

CWE-22
 
 
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.

 
2021-12-15
 
CVE-2021-42945

CWE-89
 
 
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.

 
2021-12-13
 
CVE-2020-19042

CWE-79
 
 
Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php.

 
2021-12-09
 
CVE-2021-40281

CWE-89
 
 
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.

 
 
CVE-2021-40282

CWE-89
 
 
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users.

 

Copyright 2024, cxsecurity.com

 

Back to Top