
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Mar 2019 — XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter. • https://github.com/seedis/zzcms-xss/blob/master/README.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Mar 2019 — zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter. • https://github.com/seedis/zzcms/blob/master/SQL%20injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Mar 2019 — zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header. • https://github.com/seedis/zzcms/blob/master/README.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Mar 2019 — A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter. • https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20%20addclass.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

07 Mar 2019 — zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter. • https://github.com/seedis/zzcms/blob/master/SQL%20injection%20in%20zs_elite.php.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

24 Feb 2019 — zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. • https://github.com/NS-Sp4ce/ZZCMS-XSS/blob/master/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

17 Feb 2019 — admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. • https://github.com/615/VulnPoC/issues/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')