An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-06-02
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-06-02
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.
CVSS Score
7.2
EPSS Score
0.002
Published
2022-04-08
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-04-08
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-02-14
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.
CVSS Score
5.3
EPSS Score
0.002
Published
2022-02-09
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
CVSS Score
9.8
EPSS Score
0.007
Published
2021-12-15
Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-12-13
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console.
CVSS Score
9.8
EPSS Score
0.009
Published
2021-12-09
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-12-09