CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45555
https://notcve.org/view.php?id=CVE-2023-45555
24 Oct 2023 — File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. Vulnerabilidad de carga de archivos en zzzCMS v.2.1.9 permite a un atacante remoto ejecutar código arbitrario a través de un archivo manipulado en la función down_url en el archivo zzz.php. • https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45554
https://notcve.org/view.php?id=CVE-2023-45554
24 Oct 2023 — File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. Vulnerabilidad de carga de archivos en zzzCMS v.2.1.9 permite a un atacante remoto ejecutar código arbitrario mediante la modificación del parámetro imageext de jpg, jpeg,gif, y png a jpg, jpeg,gif, png, pphphp. • https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45909
https://notcve.org/view.php?id=CVE-2023-45909
18 Oct 2023 — zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. Se descubrió que zzzcms v2.2.0 contenía una vulnerabilidad de redireccionamiento abierto. • https://github.com/Num-Nine/CVE/issues/7 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5582 – ZZZCMS Personal Profile Page cross site scripting
https://notcve.org/view.php?id=CVE-2023-5582
14 Oct 2023 — A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Jacky-Y/vuls/blob/main/vul8.md • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5263 – ZZZCMS Database Backup File save.php restore permission
https://notcve.org/view.php?id=CVE-2023-5263
29 Sep 2023 — A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yhy217/zzzcms-vul/issues/1 • CWE-275: Permission Issues •
CVSS: 9.8EPSS: 40%CPEs: 1EXPL: 1CVE-2022-23881
https://notcve.org/view.php?id=CVE-2022-23881
23 Mar 2022 — ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. Se ha detectado que ZZZCMS zzzphp versión v2.1.0, contiene una vulnerabilidad de ejecución de comandos remota (RCE) por medio de la función danger_key() en el archivo zzz_template.php • https://github.com/metaStor/Vuls/blob/main/zzzcms/zzzphp%20V2.1.0%20RCE/zzzphp%20V2.1.0%20RCE.md •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19683
https://notcve.org/view.php?id=CVE-2020-19683
09 Dec 2021 — A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en ZZZCMS versión V1.7.1, por medio de una acción editfile en el archivo save.php • https://zhhhy.github.io/2019/06/28/zzzcms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19682
https://notcve.org/view.php?id=CVE-2020-19682
09 Dec 2021 — A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php. Una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) se presenta en ZZZCMS versión V1.7.1, por medio de la función save_user en el archivo save.php • https://zhhhy.github.io/2019/06/28/zzzcms • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-32605
https://notcve.org/view.php?id=CVE-2021-32605
11 May 2021 — zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if" "end if" block. zzzcms zzzphp versiones anteriores a 2.0.4, permite a atacantes remotos ejecutar comandos arbitrarios del Sistema Operativo al colocarlos en el parámetro keys de un URI ?location=search, como es demostrado por un comando del Sistema Operativo dentro de un bloque "if" "end if" • http://www.zzzcms.com/a/news/31_282_1.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24877
https://notcve.org/view.php?id=CVE-2020-24877
15 Mar 2021 — A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass. Una vulnerabilidad de inyección SQL en zzzphp versión v1.8.0, por medio de /form/index.php?module=getjson puede conllevar a una posible omisión de restricción de acceso • https://github.com/h4ckdepy/zzzphp/issues/1 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •