Total: 106 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14963 | 1 Zzcms | 1 Zzcms | 2026-06-17 | 6.8 MEDIUM | 8.8 HIGH |
| zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI. | |||||
| CVE-2018-14962 | 1 Zzcms | 1 Zzcms | 2026-06-17 | 3.5 LOW | 5.4 MEDIUM |
| zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php. | |||||
| CVE-2018-14961 | 1 Zzcms | 1 Zzcms | 2026-06-17 | 5.0 MEDIUM | 9.8 CRITICAL |
| dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter. | |||||
| CVE-2018-13116 | 1 Zzcms | 1 Zzcms | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| /user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table. | |||||
| CVE-2018-13056 | 1 Zzcms | 1 Zzcms | 2026-06-17 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. This can be leveraged for database access by deleting install.lock. | |||||
| CVE-2018-1000653 | 1 Zzcms | 1 Zzcms | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in SQL injection attacks against zzcms when it runs on nginx. This attack appears to be exploitable via running zzcms in nginx. | |||||
