Known Vulnerabilities for products from Zzcms

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zzcms".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2022-40447 ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php. 7.2 - HIGH 2022-09-22 2022-09-22
CVE-2022-40446 ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=. 7.2 - HIGH 2022-09-22 2022-09-22
CVE-2022-40444 ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. 5.3 - MEDIUM 2022-09-22 2022-09-22
CVE-2022-40443 An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET req... 5.3 - MEDIUM 2022-09-22 2022-09-22
CVE-2021-43703 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 9.8 - CRITICAL 2021-12-09 2022-07-12
CVE-2021-42945 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 9.8 - CRITICAL 2021-12-15 2021-12-15
CVE-2021-40282 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, abd 2021 in dl/dl_download.php. when registering ordinary user... 8.8 - HIGH 2021-12-09 2021-12-13
CVE-2021-40281 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. 8.8 - HIGH 2021-12-09 2021-12-13
CVE-2021-40280 An SQL Injection vulnerablitly exits in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. 7.2 - HIGH 2021-12-09 2021-12-13
CVE-2021-40279 An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php. 7.2 - HIGH 2021-12-09 2021-12-13
CVE-2020-35973 An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/... 5.4 - MEDIUM 2021-06-03 2021-06-09
CVE-2020-23630 A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection). 8.8 - HIGH 2021-01-11 2021-01-14
CVE-2020-23426 zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an atta... 9.8 - CRITICAL 2021-04-08 2022-06-28
CVE-2020-21342 Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php. 7.5 - HIGH 2021-05-13 2021-06-02
CVE-2020-20285 There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php 5.4 - MEDIUM 2020-12-18 2020-12-22
CVE-2020-19961 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data vi... 7.5 - HIGH 2021-10-14 2021-10-19
CVE-2020-19960 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data vi... 7.5 - HIGH 2021-10-14 2021-10-19
CVE-2020-19959 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data vi... 7.5 - HIGH 2021-10-14 2021-10-19
CVE-2020-19957 A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data vi... 7.5 - HIGH 2021-10-14 2021-10-19
CVE-2020-19822 A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary ... 7.2 - HIGH 2021-08-26 2022-07-10
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Zzcms

Type Vendor Product Version
ApplicationZzcmsZzcms2.0
ApplicationZzcmsZzmcms8.3

Popular searches for "Zzcms"

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].