CVEDB API - Fast Vulnerability Dashboard

Vulnerabilities

Vulnerable Software

Zzcms: >> Zzcms Security Vulnerabilities

CVE-2018-8968

An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

CVSS Score

7.5

EPSS Score

0.008

Published

2018-03-24

CVE-2018-8969

An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

CVSS Score

7.5

EPSS Score

0.008

Published

2018-03-24

CVE-2018-7434

zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.

CVSS Score

5.3

EPSS Score

0.003

Published

2018-02-24

Prev

Page 11

Products

Pricing

Contact Us

support@shodan.io

Shodan ® - All rights reserved