Known Vulnerabilities for products from Zzzcms
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zzzcms".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-45909 json | zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. | 6.1 - MEDIUM | 2023-10-18 | 2023-10-25 |
| CVE-2023-45555 json | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down... | 7.8 - HIGH | 2023-10-25 | 2023-10-27 |
| CVE-2023-45554 json | File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imagee... | 9.8 - CRITICAL | 2023-10-25 | 2023-10-27 |
| CVE-2023-5582 json | A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown process... | 5.4 - MEDIUM | 2023-10-14 | 2023-11-07 |
| CVE-2023-5263 json | A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the f... | 8.8 - HIGH | 2023-09-29 | 2023-11-07 |
| CVE-2022-23881 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-03-23 | 2023-08-08 |
| CVE-2021-32605 json | zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of ... | 9.8 - CRITICAL | 2021-05-11 | 2021-05-19 |
| CVE-2020-24877 json | A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restricti... | 9.8 - CRITICAL | 2021-03-15 | 2021-03-16 |
| CVE-2020-20298 json | Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allow... | 9.8 - CRITICAL | 2020-12-18 | 2021-07-21 |
| CVE-2020-19683 json | A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php. | 5.4 - MEDIUM | 2021-12-09 | 2021-12-13 |
| CVE-2020-19682 json | A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php. | 8.8 - HIGH | 2021-12-09 | 2021-12-13 |
| CVE-2020-18717 json | SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering i... | 9.8 - CRITICAL | 2021-02-05 | 2021-02-08 |
| CVE-2019-17408 json | parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the da... | 9.8 - CRITICAL | 2019-10-14 | 2021-07-21 |
| CVE-2019-16722 json | ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ir... | 9.8 - CRITICAL | 2019-09-23 | 2021-07-21 |
| CVE-2019-16720 json | ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchi... | 7.5 - HIGH | 2019-09-23 | 2019-09-23 |
| CVE-2019-10647 json | ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controll... | 9.8 - CRITICAL | 2019-03-30 | 2019-04-01 |
| CVE-2019-9182 json | There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by provid... | 8.8 - HIGH | 2019-02-26 | 2019-02-26 |
| CVE-2019-9082 json | ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via public//?s=i... | 8.8 - HIGH | 2019-02-24 | 2022-04-05 |
| CVE-2019-9041 json | An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering i... | 7.2 - HIGH | 2019-02-23 | 2021-07-21 |
| CVE-2018-20127 json | An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files vi... | 7.5 - HIGH | 2018-12-13 | 2020-07-14 |
Known software with vulnerabilities from Zzzcms
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Zzzcms | Zzzphp | 1.4.1 |