CVE-2019-9078
https://notcve.org/view.php?id=CVE-2019-9078
24 Feb 2019 — zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. • https://github.com/NS-Sp4ce/ZZCMS-XSS/blob/master/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-8411
https://notcve.org/view.php?id=CVE-2019-8411
17 Feb 2019 — admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directory traversal. • https://github.com/615/VulnPoC/issues/1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-18786
https://notcve.org/view.php?id=CVE-2018-18786
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-18787
https://notcve.org/view.php?id=CVE-2018-18787
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-18791
https://notcve.org/view.php?id=CVE-2018-18791
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-18785
https://notcve.org/view.php?id=CVE-2018-18785
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-18792
https://notcve.org/view.php?id=CVE-2018-18792
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-18789
https://notcve.org/view.php?id=CVE-2018-18789
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-18784
https://notcve.org/view.php?id=CVE-2018-18784
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-18790
https://notcve.org/view.php?id=CVE-2018-18790
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')