Filtered by vendor Zzcms
Subscribe
Total
103 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14963 | 1 Zzcms | 1 Zzcms | 2018-10-04 | 6.8 MEDIUM | 8.8 HIGH |
| zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. | |||||
| CVE-2018-13056 | 1 Zzcms | 1 Zzcms | 2018-09-04 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-13116 | 1 Zzcms | 1 Zzcms | 2018-08-23 | 7.5 HIGH | 9.8 CRITICAL |
| /user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. | |||||