An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.
CVSS Score
5.3
EPSS Score
0.036
Published
2022-09-22
ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.
CVSS Score
5.3
EPSS Score
0.003
Published
2022-09-22
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-09-22
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-09-22
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-06-17
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-17
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-17
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-06-17
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-06-17
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-17