Zzcms

Products by Zzcms Sorted by Most Security Vulnerabilities since 2018

Zzcms: 79 vulnerabilities

Zzcms Zzmcms: 1 vulnerability

By the Year

In 2024 there have been 0 vulnerabilities in Zzcms. Last year Zzcms had 3 security vulnerabilities published. Right now, Zzcms is on track to have fewer security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 3 9.47
2022 20 7.43
2021 16 7.96
2020 1 5.40
2019 13 8.65
2018 27 8.30

It may take a day or so for new Zzcms vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Zzcms Security Vulnerabilities

ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php

CVE-2023-50104 9.8 - Critical - December 29, 2023

ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code.

Unrestricted File Upload

An issue in zzCMS v.2023

CVE-2023-42398 9.8 - Critical - September 15, 2023

An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.

XSPA

Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier

CVE-2023-36162 8.8 - High - July 03, 2023

Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php.

Session Riding

An issue was discovered in ZZCMS 2022

CVE-2022-44361 5.4 - Medium - December 07, 2022

An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.

XSS

ZZCMS 2022 was discovered to contain a full path disclosure vulnerability

CVE-2022-40444 5.3 - Medium - September 22, 2022

ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.

Directory traversal

ZZCMS 2022 was discovered to contain a SQL injection vulnerability

CVE-2022-40446 7.2 - High - September 22, 2022

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.

SQL Injection

ZZCMS 2022 was discovered to contain a SQL injection vulnerability

CVE-2022-40447 7.2 - High - September 22, 2022

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.

SQL Injection

An absolute path traversal vulnerability in ZZCMS 2022

CVE-2022-40443 5.3 - Medium - September 22, 2022

An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.

Directory traversal

An issue was discovered in zzcms 2019

CVE-2019-12355 8.8 - High - June 17, 2022

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter.

SQL Injection

An issue was discovered in zzcms 2019

CVE-2019-12356 8.8 - High - June 17, 2022

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter.

SQL Injection

An issue was discovered in zzcms 2019

CVE-2019-12359 7.2 - High - June 17, 2022

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter.

SQL Injection

An issue was discovered in zzcms 2019

CVE-2019-12354 7.2 - High - June 17, 2022

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter.

SQL Injection

An issue was discovered in zzcms 2019

CVE-2019-12357 7.2 - High - June 17, 2022

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter.

SQL Injection

An issue was discovered in zzcms 2019

CVE-2019-12353 7.2 - High - June 17, 2022

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter.

SQL Injection

An issue was discovered in zzcms 2019

CVE-2019-12352 8.8 - High - June 17, 2022

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie.

SQL Injection

An issue was discovered in zzcms 2019

CVE-2019-12358 8.8 - High - June 17, 2022

An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie.

SQL Injection

An issue was discovered in zzcms 2019

CVE-2019-12351 9.8 - Critical - June 02, 2022

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.

SQL Injection

An issue was discovered in zzcms 2019

CVE-2019-12349 9.8 - Critical - June 02, 2022

An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter.

SQL Injection

An issue was discovered in zzcms 2019

CVE-2019-12350 9.8 - Critical - June 02, 2022

An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.

SQL Injection

An issue was discovered in ZZCMS 2021

CVE-2021-46437 4.8 - Medium - April 08, 2022

An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.

XSS

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).