CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45555
https://notcve.org/view.php?id=CVE-2023-45555
24 Oct 2023 — File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. Vulnerabilidad de carga de archivos en zzzCMS v.2.1.9 permite a un atacante remoto ejecutar código arbitrario a través de un archivo manipulado en la función down_url en el archivo zzz.php. • https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-45554
https://notcve.org/view.php?id=CVE-2023-45554
24 Oct 2023 — File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. Vulnerabilidad de carga de archivos en zzzCMS v.2.1.9 permite a un atacante remoto ejecutar código arbitrario mediante la modificación del parámetro imageext de jpg, jpeg,gif, y png a jpg, jpeg,gif, png, pphphp. • https://github.com/96xiaopang/Vulnerabilities/blob/main/zzzcms%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0_en.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5582 – ZZZCMS Personal Profile Page cross site scripting
https://notcve.org/view.php?id=CVE-2023-5582
14 Oct 2023 — A vulnerability, which was classified as problematic, has been found in ZZZCMS 2.2.0. This issue affects some unknown processing of the component Personal Profile Page. The manipulation leads to basic cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Jacky-Y/vuls/blob/main/vul8.md • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-5263 – ZZZCMS Database Backup File save.php restore permission
https://notcve.org/view.php?id=CVE-2023-5263
29 Sep 2023 — A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yhy217/zzzcms-vul/issues/1 • CWE-275: Permission Issues •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19683
https://notcve.org/view.php?id=CVE-2020-19683
09 Dec 2021 — A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en ZZZCMS versión V1.7.1, por medio de una acción editfile en el archivo save.php • https://zhhhy.github.io/2019/06/28/zzzcms • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19682
https://notcve.org/view.php?id=CVE-2020-19682
09 Dec 2021 — A Cross Site Request Forgery (CSRF) vulnerability exits in ZZZCMS V1.7.1 via the save_user funciton in save.php. Una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) se presenta en ZZZCMS versión V1.7.1, por medio de la función save_user en el archivo save.php • https://zhhhy.github.io/2019/06/28/zzzcms • CWE-352: Cross-Site Request Forgery (CSRF) •