Skip to main content

Zzzphp

12 CVEs product

Monthly

CVE-2023-45909 MEDIUM PATCH This Month

zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Zzzphp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.3%
CVE-2022-23881 CRITICAL POC THREAT Act Now

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zzzphp
NVD GitHub
CVSS 3.1
9.8
EPSS
56.5%
CVE-2021-32605 CRITICAL POC Act Now

zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zzzphp
NVD
CVSS 3.1
9.8
EPSS
3.8%
CVE-2020-20298 CRITICAL POC Act Now

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP Zzzphp
NVD
CVSS 3.1
9.8
EPSS
2.7%
CVE-2019-17408 CRITICAL POC Act Now

parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Zzzphp
NVD GitHub
CVSS 3.1
9.8
EPSS
3.7%
CVE-2019-16722 CRITICAL POC Act Now

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Zzzphp
NVD
CVSS 3.1
9.8
EPSS
3.1%
CVE-2019-16720 HIGH POC This Week

ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zzzphp
NVD
CVSS 3.1
7.5
EPSS
1.4%
CVE-2019-10647 CRITICAL POC Act Now

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zzzphp
NVD GitHub
CVSS 3.0
9.8
EPSS
6.6%
CVE-2019-9182 HIGH POC This Week

There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Zzzphp
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
0.8%
CVE-2019-9082 HIGH POC KEV THREAT Act Now

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Thinkphp Open Source Background Management System Zzzphp
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
97.4%
CVE-2019-9041 HIGH POC THREAT This Week

An issue was discovered in ZZZCMS zzzphp V1.6.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Zzzphp
NVD Exploit-DB
CVSS 3.0
7.2
EPSS
31.4%
CVE-2018-20127 HIGH POC This Week

An issue was discovered in zzzphp cms 1.5.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Zzzphp
NVD
CVSS 3.1
7.5
EPSS
1.4%
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

zzzcms v2.2.0 was discovered to contain an open redirect vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Zzzphp
NVD GitHub
EPSS 57% CVSS 9.8
CRITICAL POC THREAT Act Now

ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Zzzphp
NVD GitHub
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a ?location=search URI, as demonstrated by an OS command within an "if". Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Zzzphp
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP +1
NVD
EPSS 4% CVSS 9.8
CRITICAL POC Act Now

parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key function can be bypassed via manipulations such as strtr. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE +1
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace operation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Zzzphp
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as demonstrated by uploading a .htaccess or .php5 file. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zzzphp
NVD
EPSS 7% CVSS 9.8
CRITICAL POC Act Now

ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=catchimage source[] parameter because of a lack of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP File Upload Zzzphp
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Zzzphp
NVD Exploit-DB
EPSS 97% CVSS 8.8
HIGH POC KEV THREAT Act Now

ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Thinkphp +2
NVD GitHub Exploit-DB
EPSS 31% CVSS 7.2
HIGH POC THREAT This Week

An issue was discovered in ZZZCMS zzzphp V1.6.1. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE Zzzphp
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in zzzphp cms 1.5.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP Zzzphp
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy