Known Vulnerabilities for products from Zzcms
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zzcms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-14837 json | A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.p... | Not Provided | 2025-12-18 | 2026-04-29 |
| CVE-2025-14836 json | A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.ph... | Not Provided | 2025-12-17 | 2026-04-29 |
| CVE-2025-13171 json | A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such mani... | Not Provided | 2025-11-14 | 2026-04-29 |
| CVE-2023-50104 json | | 9.8 - CRITICAL | 2023-12-29 | 2024-01-05 |
| CVE-2023-42398 json | An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor ... | 9.8 - CRITICAL | 2023-09-15 | 2023-09-20 |
| CVE-2023-36162 json | Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add ... | 8.8 - HIGH | 2023-07-03 | 2023-08-01 |
| CVE-2022-44361 json | An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php. | 5.4 - MEDIUM | 2022-12-07 | 2022-12-09 |
| CVE-2022-40447 json | ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php. | 7.2 - HIGH | 2022-09-22 | 2022-09-22 |
| CVE-2022-40446 json | ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=. | 7.2 - HIGH | 2022-09-22 | 2022-09-23 |
| CVE-2022-40444 json | ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server. | 5.3 - MEDIUM | 2022-09-22 | 2022-09-23 |
| CVE-2022-40443 json | An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET req... | 5.3 - MEDIUM | 2022-09-22 | 2022-09-23 |
| CVE-2021-46437 json | An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. | 4.8 - MEDIUM | 2022-04-08 | 2022-04-14 |
| CVE-2021-46436 json | An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php. | 7.2 - HIGH | 2022-04-08 | 2022-04-13 |
| CVE-2021-45347 json | An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing ... | 7.5 - HIGH | 2022-02-14 | 2022-02-23 |
| CVE-2021-45286 json | Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_inde... | 5.3 - MEDIUM | 2022-02-09 | 2022-02-15 |
| CVE-2021-43703 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2021-12-09 | 2022-07-12 |
| CVE-2021-42945 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2021-12-15 | 2021-12-15 |
| CVE-2021-40282 json | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php when registering ordinary user... | 8.8 - HIGH | 2021-12-09 | 2021-12-13 |
| CVE-2021-40281 json | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users. | 8.8 - HIGH | 2021-12-09 | 2021-12-13 |
| CVE-2021-40280 json | An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php. | 7.2 - HIGH | 2021-12-09 | 2021-12-13 |