Shodan
Vulnerabilities
Vulnerable Software
Zrlog:  >> Zrlog  Security Vulnerabilities
CVE-2020-27514
Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS).
CVSS Score
9.1
EPSS Score
0.011
Published
2023-08-11
CVE-2020-21052
Cross Site Scripting vulnerability in zrlog zrlog v.2.1.3 allows a remote attacker to execute arbitrary code via the nickame parameter of the /post/addComment function.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-06-20
CVE-2021-44093
A Remote Command Execution vulnerability on the background in zrlog 2.2.2, at the upload avatar function, could bypass the original limit, upload the JSP file to get a WebShell
CVSS Score
9.8
EPSS Score
0.045
Published
2021-11-28
CVE-2021-44094
ZrLog 2.2.2 has a remote command execution vulnerability at plugin download function, it could execute any JAR file
CVSS Score
7.8
EPSS Score
0.012
Published
2021-11-28
CVE-2020-18066
Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName and (2) email parameters in post/addComment.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-06-29
CVE-2020-21316
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and stolen administrator cookies via the nickname parameter and gain access to the admin panel.
CVSS Score
6.1
EPSS Score
0.006
Published
2021-06-15
CVE-2020-19005
zrlog v2.1.0 has a vulnerability with the permission check. If admin account is logged in, other unauthorized users can download the database backup file directly.
CVSS Score
5.7
EPSS Score
0.002
Published
2020-08-25
CVE-2019-16643
An issue was discovered in ZrLog 2.1.1. There is a Stored XSS vulnerability in the article_edit area.
CVSS Score
5.4
EPSS Score
0.002
Published
2019-09-20
CVE-2018-17079
An issue was discovered in ZRLOG 2.0.1. There is a Stored XSS vulnerability in the nickname field of the comment area.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-06-19
CVE-2018-17420
An issue was discovered in ZrLog 2.0.3. There is a SQL injection vulnerability in the article management search box via the keywords parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2019-03-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved