CVE-2015-1442
- EPSS 1.01%
- Veröffentlicht 06.02.2015 15:59:13
- Zuletzt bearbeitet 12.04.2025 10:46:40
SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. ...
CVE-2014-4710
- EPSS 3.32%
- Veröffentlicht 29.07.2014 14:55:05
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in zero_user_account.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the Full Name field.
CVE-2014-4194
- EPSS 1.02%
- Veröffentlicht 09.07.2014 14:55:03
- Zuletzt bearbeitet 12.04.2025 10:46:40
SQL injection vulnerability in zero_transact_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter in a Submit Comment action.
CVE-2014-4195
- EPSS 0.23%
- Veröffentlicht 03.07.2014 14:55:08
- Zuletzt bearbeitet 12.04.2025 10:46:40
Cross-site scripting (XSS) vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to inject arbitrary web script or HTML via the article_id parameter.
CVE-2014-4034
- EPSS 13.4%
- Veröffentlicht 11.06.2014 14:55:09
- Zuletzt bearbeitet 12.04.2025 10:46:40
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.