Shodan
Vulnerabilities
Vulnerable Software
Zzcms:  >> Zzcms  >> 8.2  Security Vulnerabilities
CVE-2018-1000653
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-08-20
CVE-2018-9331
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter. This can be leveraged for database access by deleting install.lock.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-04-07
CVE-2018-9309
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-04-05
CVE-2018-8965
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-03-24
CVE-2018-8966
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2018-03-24
CVE-2018-8967
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-03-24
CVE-2018-8968
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-03-24
CVE-2018-8969
An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
CVSS Score
7.5
EPSS Score
0.008
Published
2018-03-24
CVE-2018-7434
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.
CVSS Score
5.3
EPSS Score
0.003
Published
2018-02-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved