Filtered by vendor Zzzcms
Total: 5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-19682 | 1 Zzzcms | 1 Zzzcms | 2021-12-13 | 6.8 MEDIUM | 8.8 HIGH |
| A Cross Site Request Forgery (CSRF) vulnerability exists in ZZZCMS V1.7.1 via the save_user function in save.php. | |||||
| CVE-2019-9041 | 1 Zzzcms | 1 Zzzphp | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring. | |||||
| CVE-2018-20127 | 1 Zzzcms | 1 Zzzphp | 2020-07-14 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds. | |||||
| CVE-2019-16720 | 1 Zzzcms | 1 Zzzphp | 2019-09-23 | 5.0 MEDIUM | 7.5 HIGH |
| ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. | |||||
| CVE-2019-9182 | 1 Zzzcms | 1 Zzzphp | 2019-02-26 | 6.8 MEDIUM | 8.8 HIGH |
| There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the filetext parameter. | |||||
