Zzcms : Security Vulnerabilities, CVEs, Published In 2018 (Sql injection) CVSS score >= 7

CVE-2018-1000653

zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by sql injection in zzcms in nginx. This attack appear to be exploitable via running zzcms in nginx.
Max CVSS
9.8
EPSS Score
0.15%
Published
2018-08-20
Updated
2018-10-12

CVE-2018-18792

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04

CVE-2018-18791

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04

CVE-2018-18790

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admin user login.)
Max CVSS
7.2
EPSS Score
0.09%
Published
2018-10-29
Updated
2018-12-04

CVE-2018-18789

An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04

CVE-2018-18788

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an admin user login.)
Max CVSS
7.2
EPSS Score
0.09%
Published
2018-10-29
Updated
2018-12-04

CVE-2018-18787

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04

CVE-2018-18786

An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04

CVE-2018-18785

An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-10-29
Updated
2018-12-04

CVE-2018-18784

An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin user login.)
Max CVSS
7.2
EPSS Score
0.09%
Published
2018-10-29
Updated
2018-12-04

CVE-2018-17136

zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-09-17
Updated
2018-11-01

CVE-2018-14961

dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter.
Max CVSS
9.8
EPSS Score
0.47%
Published
2018-08-06
Updated
2018-10-04

CVE-2018-13116

/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-07-03
Updated
2018-08-23

CVE-2018-9309

An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-04-05
Updated
2022-11-01

CVE-2018-8967

An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.
Max CVSS
9.8
EPSS Score
0.21%
Published
2018-03-24
Updated
2022-11-01
15 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close