CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18786
https://notcve.org/view.php?id=CVE-2018-18786
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie. Se ha descubierto un problema en zzcms 8.3. Existe inyección SQL en ajax/zs.php mediante una cookie pxzs. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18787
https://notcve.org/view.php?id=CVE-2018-18787
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie. Se ha descubierto un problema en zzcms 8.3. Existe inyección SQL en zs/zs.php mediante una cookie pxzs. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18791
https://notcve.org/view.php?id=CVE-2018-18791
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie. Se ha descubierto un problema en zzcms 8.3. Existe inyección SQL en zs/search.php mediante una cookie pxzs. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18785
https://notcve.org/view.php?id=CVE-2018-18785
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php. Se ha descubierto un problema en zzcms 8.3. Existe una inyección SQL en zs/subzs.php con una cookie zzcmscpid en zs/search.php. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18792
https://notcve.org/view.php?id=CVE-2018-18792
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie. Se ha descubierto un problema en zzcms 8.3. Existe inyección SQL en zs/zs_list.php mediante una cookie pxzs. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18789
https://notcve.org/view.php?id=CVE-2018-18789
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php. Se ha descubierto un problema en zzcms 8.3. Existe una inyección SQL en zt/top.php mediante una cabecera Host HTTP en zt/news.php. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18784
https://notcve.org/view.php?id=CVE-2018-18784
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.) Se ha descubierto un problema en zzcms 8.3. Existe una inyección SQL en admin/tagmanage.php mediante el parámetro tabletag. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18790
https://notcve.org/view.php?id=CVE-2018-18790
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.) Se ha descubierto un problema en zzcms 8.3. Existe inyección SQL en admin/special_add.php mediante una cookie zxbigclassid. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18788
https://notcve.org/view.php?id=CVE-2018-18788
29 Oct 2018 — An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.) Se ha descubierto un problema en zzcms 8.3. Existe una inyección SQL en admin/classmanage.php mediante el parámetro tablename. • https://github.com/qiubaoyang/CVEs/blob/master/zzcms/zzcms.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-17797
https://notcve.org/view.php?id=CVE-2018-17797
30 Sep 2018 — An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock. Se ha descubierto un problema en zzcms 8.3, en user/zssave.php que permite que atacantes remotos eliminen archivos arbitrarios mediante secuencias de salto de directorio en el parámetro oldimg, en una petición action=modify. Esto se puede aprovechar par... • https://github.com/seedis/zzcms/blob/master/arbitrary_file_deletion1.md • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •