Skip to main content

Zcms

4 CVEs product

Monthly

CVE-2022-28522 MEDIUM POC This Month

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Zcms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2022-28521 CRITICAL POC Act Now

ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zcms
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2015-7347 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zcms
NVD Exploit-DB
CVSS 3.0
4.8
EPSS
0.2%
CVE-2015-7346 CRITICAL POC Act Now

SQL injection vulnerability in ZCMS 1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zcms
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
4.2%
EPSS 1% CVSS 5.4
MEDIUM POC This Month

ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Zcms
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

ZCMS v20170206 was discovered to contain a file inclusion vulnerability via index.php?m=home&c=home&a=sp_set_config. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zcms
NVD GitHub
EPSS 0% CVSS 4.8
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Zcms
NVD Exploit-DB
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

SQL injection vulnerability in ZCMS 1.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Zcms
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy