An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-06-17
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-06-17
An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-06-02
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-06-02
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-06-02
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2022-04-08
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-04-08
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the user name in the cookie to use any password.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-02-14
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-02-09
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2021-12-15