Vulnerabilities
Vulnerable Software
Zzcms:  >> Zzcms  >> 8.2  Security Vulnerabilities
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-12-09
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-12-09
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary users.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-12-09
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2021-12-09
An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2021-12-09
zzcms version 8.3 and earlier is affected by: SQL Injection. The impact is: zzcms File Delete to Code Execution.
CVSS Score
9.8
EPSS Score
0.006
Published
2019-07-23
zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. The component is: user/licence_save.php.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-07-23
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php.
CVSS Score
9.8
EPSS Score
0.011
Published
2019-07-23
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-07-23
zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sql inject. The component is: zs/subzs.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-07-23


Contact Us

Shodan ® - All rights reserved