CVE-2023-50104
https://notcve.org/view.php?id=CVE-2023-50104
28 Dec 2023 — ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain server privileges and execute arbitrary code. • https://github.com/zzq66/cve4 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-42398
https://notcve.org/view.php?id=CVE-2023-42398
15 Sep 2023 — An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. • https://github.com/laterfuture/php-audit/blob/main/CVE-2023-42398%E2%80%94%E2%80%94ZZCMS2023%20SSRF • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2023-36162
https://notcve.org/view.php?id=CVE-2023-36162
03 Jul 2023 — Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php. • http://www.zzcms.net/about/download.html • CWE-352: Cross-Site Request Forgery (CSRF)