CVEDB API

Vulnerabilities

Vulnerable Software

Zzcms: Security Vulnerabilities

CVE-2018-18788

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)

CVSS Score

7.2

EPSS Score

0.003

Published

2018-10-29

CVE-2018-18789

An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.

CVSS Score

9.8

EPSS Score

0.003

Published

2018-10-29

CVE-2018-18790

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)

CVSS Score

7.2

EPSS Score

0.003

Published

2018-10-29

CVE-2018-18791

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.

CVSS Score

9.8

EPSS Score

0.003

Published

2018-10-29

CVE-2018-18792

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.

CVSS Score

9.8

EPSS Score

0.003

Published

2018-10-29

CVE-2018-18784

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)

CVSS Score

7.2

EPSS Score

0.003

Published

2018-10-29

CVE-2018-18785

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.

CVSS Score

9.8

EPSS Score

0.003

Published

2018-10-29

CVE-2018-17797

An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

CVSS Score

6.5

EPSS Score

0.003

Published

2018-09-30

CVE-2018-17798

An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.

CVSS Score

6.5

EPSS Score

0.003

Published

2018-09-30

CVE-2018-17136

zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.

CVSS Score

9.8

EPSS Score

0.003

Published

2018-09-17

Prev Next

Page 9

Vulnerabilities

Vulnerable Software

Zzcms: Security Vulnerabilities

Products

Pricing

Contact Us