) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): cpe:2.3:a:zzcms:zzcms:2019:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-12359 |
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker has admin authority) via the id parameter. Published: June 17, 2022; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-12358 |
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_print authority) via a dlid cookie. Published: June 17, 2022; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-12357 |
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin authority) via the id parameter. Published: June 17, 2022; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-12356 |
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls_download authority) via the id parameter. Published: June 17, 2022; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-12355 |
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_print authority) via the id parameter. Published: June 17, 2022; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-12354 |
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin authority) via the id parameter. Published: June 17, 2022; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-12353 |
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has admin authority) via the id parameter. Published: June 17, 2022; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 7.2 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-12352 |
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_print authority) via a dlid cookie. Published: June 17, 2022; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2019-12351 |
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. Published: June 02, 2022; 10:15:26 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2019-12350 |
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. Published: June 02, 2022; 10:15:26 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2019-12349 |
An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. Published: June 02, 2022; 10:15:26 AM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2020-19042 |
Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php. Published: December 13, 2021; 4:15:08 PM -0500 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2021-43703 |
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console. Published: December 09, 2021; 12:15:08 PM -0500 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2020-19961 |
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php. Published: October 14, 2021; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2020-19960 |
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie. Published: October 14, 2021; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2020-19959 |
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie. Published: October 14, 2021; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2020-19957 |
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page. Published: October 14, 2021; 11:15:08 AM -0400 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2019-12348 |
An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter. Published: May 24, 2021; 12:15:07 PM -0400 |
V4.0:(not available) V3.1: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2020-20285 |
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php Published: December 18, 2020; 2:15:14 PM -0500 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2019-9078 |
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string such as sCrIpT. Published: February 24, 2019; 12:29:00 PM -0500 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |