
CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

06 Aug 2018 — dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. • https://blog.csdn.net/weixin_42813492/article/details/81240523 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Aug 2018 — zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. • https://github.com/AvaterXXX/ZZCMS/blob/master/README.md • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

03 Jul 2018 — /user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. • https://github.com/actionyz/ZZCMS/blob/master/SQL/1/del.php.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Jul 2018 — An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock. • https://github.com/actionyz/ZZCMS/blob/master/del.php.md • CWE-20: Improper Input Validation