CVE-2018-8965
- EPSS 0.63%
- Published 24.03.2018 18:29:00
- Last modified 21.11.2024 04:14:41
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting insta...
CVE-2018-8966
- EPSS 0.46%
- Published 24.03.2018 18:29:00
- Last modified 21.11.2024 04:14:42
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated by injecting a phpinfo() call into /inc/config.php.
CVE-2018-8967
- EPSS 0.38%
- Published 24.03.2018 18:29:00
- Last modified 21.11.2024 04:14:42
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.
CVE-2018-8968
- EPSS 0.59%
- Published 24.03.2018 18:29:00
- Last modified 21.11.2024 04:14:42
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg or oldflv parameter in an action=modify request. This can be leveraged for database access by dele...
CVE-2018-8969
- EPSS 0.59%
- Published 24.03.2018 18:29:00
- Last modified 21.11.2024 04:14:42
An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting...
CVE-2018-7434
- EPSS 0.3%
- Published 24.02.2018 03:29:00
- Last modified 21.11.2024 04:12:07
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php or 3/ucenter_api/code/friend.php.