Skip to main content

Zbzcms

7 CVEs product

Monthly

CVE-2022-27133 CRITICAL Act Now

zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Zbzcms
NVD GitHub
CVSS 3.1
9.1
EPSS
1.0%
CVE-2022-27131 CRITICAL Act Now

An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE File Upload Zbzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-27129 CRITICAL Act Now

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE File Upload Zbzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.5%
CVE-2022-27128 CRITICAL Act Now

An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Zbzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-27127 MEDIUM This Month

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Zbzcms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.7%
CVE-2022-27126 CRITICAL Act Now

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Zbzcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-27125 MEDIUM This Month

zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Zbzcms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
EPSS 1% CVSS 9.1
CRITICAL Act Now

zbzcms v1.0 was discovered to contain an arbitrary file deletion vulnerability via /include/up.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Zbzcms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability at /zbzedit/php/zbz.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An arbitrary file upload vulnerability at /admin/ajax.php in zbzcms v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP RCE File Upload +1
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to arbitrarily add administrator accounts. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP Information Disclosure Zbzcms
NVD GitHub
EPSS 1% CVSS 6.5
MEDIUM This Month

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Zbzcms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the art parameter at /include/make.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi Zbzcms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

zbzcms v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the neirong parameter at /php/ajax.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Zbzcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy