CVEDB API

Vulnerabilities

Vulnerable Software

Zbzcms: >> Zbzcms Security Vulnerabilities

CVE-2022-27126

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php.

CVSS Score

9.8

EPSS Score

0.003

Published

2022-04-10

CVE-2022-27127

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php.

CVSS Score

6.5

EPSS Score

0.002

Published

2022-04-10

CVE-2022-27128

An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts.

CVSS Score

9.8

EPSS Score

0.004

Published

2022-04-10

CVE-2022-27129

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVSS Score

9.8

EPSS Score

0.009

Published

2022-04-10

CVE-2022-27131

An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

CVSS Score

9.8

EPSS Score

0.009

Published

2022-04-10

CVE-2022-27133

zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php.

CVSS Score

9.1

EPSS Score

0.003

Published

2022-04-10

CVE-2022-27125

zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php.

CVSS Score

6.1

EPSS Score

0.002

Published

2022-04-10

Page 1

Vulnerabilities

Vulnerable Software

Zbzcms: >> Zbzcms Security Vulnerabilities

Products

Pricing

Contact Us