zzcms
107 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-14837
all versions
A vulnerability has been found in ZZCMS 2025. Affected by this issue is the function stripfxg of the file /admin/siteconfig.php of
4.7
MEDIUM
CVE-2025-14836
all versions
A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/user_save.php of
2.7
LOW
CVE-2025-13171
all versions
A vulnerability was identified in ZZCMS 2023. This impacts an unknown function of the file /admin/wangkan_list.php. Such manipulat
6.3
MEDIUM
CVE-2025-1949
all versions
A vulnerability, which was classified as problematic, has been found in ZZCMS 2025. This issue affects some unknown processing of
4.3
MEDIUM
CVE-2025-22957
<= 2023
A SQL injection vulnerability exists in the front-end of the website in ZZCMS <= 2023, which can be exploited without any authenti
9.8
CRITICAL
CVE-2025-0565
all versions
A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of th
7.3
HIGH
CVE-2024-52724
all versions
ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php.
9.8
CRITICAL
CVE-2024-11242
all versions
A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of th
4.7
MEDIUM
CVE-2024-11130
<= 2023
A vulnerability was found in ZZCMS up to 2023. It has been rated as problematic. Affected by this issue is some unknown functional
2.4
LOW
CVE-2024-10293
all versions
A vulnerability was found in ZZCMS 2023. It has been classified as critical. Affected is the function Ebak_SetGotoPak of the file
6.3
MEDIUM
CVE-2024-10292
all versions
A vulnerability was found in ZZCMS 2023 and classified as critical. This issue affects some unknown processing of the file 3/Ebak5
6.3
MEDIUM
CVE-2024-10291
all versions
A vulnerability has been found in ZZCMS 2023 and classified as critical. This vulnerability affects the function Ebak_DoExecSQL/Eb
6.3
MEDIUM
CVE-2024-10290
all versions
A vulnerability, which was classified as problematic, was found in ZZCMS 2023. This affects an unknown part of the file 3/qq-conne
5.3
MEDIUM
CVE-2024-44821
<= 2023
ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The checkyzm function does not proper
5.3
MEDIUM
CVE-2024-44818
<= 2023
Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the HTT
5.4
MEDIUM
CVE-2024-44817
<= 2023
SQL Injection vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via the id paramet
8.8
HIGH
CVE-2024-44820
<= 2023
A sensitive information disclosure vulnerability exists in ZZCMS v.2023 and before within the eginfo.php file located at /3/E_bak5
6.1
MEDIUM
CVE-2024-44819
<= 2023
Cross Site Scripting vulnerability in ZZCMS v.2023 and before allows a remote attacker to obtain sensitive information via a craft
6.1
MEDIUM
CVE-2024-7927
all versions
A vulnerability classified as critical was found in ZZCMS 2023. Affected by this vulnerability is an unknown functionality of the
7.3
HIGH
CVE-2024-7926
all versions
A vulnerability classified as critical has been found in ZZCMS 2023. Affected is an unknown function of the file /admin/about_edit
7.3
HIGH
CVE-2024-7925
all versions
A vulnerability was found in ZZCMS 2023. It has been rated as problematic. This issue affects some unknown processing of the file
4.3
MEDIUM
CVE-2024-7924
all versions
A vulnerability was found in ZZCMS 2023. It has been declared as critical. This vulnerability affects unknown code of the file /I/
5.3
MEDIUM
CVE-2024-43011
<= 2023
An arbitrary file deletion vulnerability exists in the admin/del.php file at line 62 in ZZCMS 2023 and earlier. Due to insufficien
4.9
MEDIUM
CVE-2024-43009
<= 2023
A reflected cross-site scripting (XSS) vulnerability exists in user/login.php at line 24 in ZZCMS 2023 and earlier. The applicatio
4.7
MEDIUM
CVE-2024-43006
all versions
A stored cross-site scripting (XSS) vulnerability exists in ZZCMS2023 in the ask/show.php file at line 21. An attacker can exploit
5.4
MEDIUM
CVE-2024-43005
all versions
A reflected cross-site scripting (XSS) vulnerability in the component dl_liuyan_save.php of ZZCMS v2023 allows attackers to execut
4.7
MEDIUM
CVE-2023-50104
all versions
ZZCMS 2023 has a file upload vulnerability in 3/E_bak5.1/upload/index.php, allowing attackers to exploit this loophole to gain ser
9.8
CRITICAL
CVE-2023-42398
all versions
An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor compo
9.8
CRITICAL
CVE-2023-36162
all versions
Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add funct
8.8
HIGH
CVE-2022-44361
all versions
An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.
5.4
MEDIUM
CVE-2022-40447
all versions
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.
7.2
HIGH
CVE-2022-40446
all versions
ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.
7.2
HIGH
CVE-2022-40444
all versions
ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.
5.3
MEDIUM
CVE-2022-40443
all versions
An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request
5.3
MEDIUM
CVE-2019-12359
all versions
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/ztliuyan_sendmail.php (when the attacker h
7.2
HIGH
CVE-2019-12358
all versions
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendsms.php (when the attacker has dls_pri
8.8
HIGH
CVE-2019-12357
all versions
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/deluser.php (when the attacker has admin a
7.2
HIGH
CVE-2019-12356
all versions
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_download.php (when the attacker has dls
8.8
HIGH
CVE-2019-12355
all versions
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /user/dls_print.php (when the attacker has dls_pr
8.8
HIGH
CVE-2019-12354
all versions
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/showbad.php (when the attacker has admin a
7.2
HIGH
CVE-2019-12353
all versions
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /admin/dl_sendmail.php (when the attacker has adm
7.2
HIGH
CVE-2019-12352
all versions
An issue was discovered in zzcms 2019. There is a SQL injection Vulnerability in /dl/dl_sendmail.php (when the attacker has dls_pr
8.8
HIGH
CVE-2019-12351
all versions
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma.
9.8
CRITICAL
CVE-2019-12350
all versions
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma.
9.8
CRITICAL
CVE-2019-12349
all versions
An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter.
9.8
CRITICAL
CVE-2021-46437
all versions
An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php.
4.8
MEDIUM
CVE-2021-46436
all versions
An issue was discovered in ZZCMS 2021. There is a SQL injection vulnerability in ad_manage.php.
7.2
HIGH
CVE-2021-45347
all versions
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass authentication by changing the u
7.5
HIGH
CVE-2021-45286
all versions
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php
5.3
MEDIUM
CVE-2021-42945
all versions
A SQL Injection vulnerability exists in ZZCMS 2021 via the askbigclassid parameter in /admin/ask.php.
9.8
CRITICAL
CVE-2020-19042
all versions
Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php.
6.1
MEDIUM
CVE-2021-43703
<= 2019
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, yo
9.8
CRITICAL
CVE-2021-40282
all versions
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_download.php when registering ordinary users.
8.8
HIGH
CVE-2021-40281
all versions
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 in dl/dl_print.php when registering ordinary users.
8.8
HIGH
CVE-2021-40280
all versions
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/dl_sendmail.php.
7.2
HIGH
CVE-2021-40279
all versions
An SQL Injection vulnerability exists in zzcms 8.2, 8.3, 2020, and 2021 via the id parameter in admin/bad.php.
7.2
HIGH
CVE-2020-19961
all versions
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the
7.5
HIGH
CVE-2020-19960
all versions
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the
7.5
HIGH
CVE-2020-19959
all versions
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the
7.5
HIGH
CVE-2020-19957
all versions
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the
7.5
HIGH
CVE-2020-19822
all versions
A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP c
7.2
HIGH
CVE-2020-35973
all versions
An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manag
5.4
MEDIUM
CVE-2019-12348
all versions
An issue was discovered in zzcms 2019. SQL Injection exists in user/ztconfig.php via the daohang or img POST parameter.
9.8
CRITICAL
CVE-2020-21342
all versions
Insecure permissions issue in zzcms 201910 via the reset any user password in /one/getpassword.php.
7.5
HIGH
CVE-2020-23426
all versions
zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker
9.8
CRITICAL
CVE-2020-23630
all versions
A blind SQL injection vulnerability exists in zzcms ver201910 based on time (cookie injection).
8.8
HIGH
CVE-2020-20285
all versions
There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php
5.4
MEDIUM
CVE-2019-1010153
<= 8.3
zzcms 8.3 and earlier is affected by: SQL Injection. The impact is: sql inject. The component is: zs/subzs.php.
9.8
CRITICAL
CVE-2019-1010152
<= 8.3
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php li
9.8
CRITICAL
CVE-2019-1010150
<= 8.3
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: /user/zssave.php.
9.8
CRITICAL
CVE-2019-1010149
<= 8.3
zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms File Delete to Code Execution. T
9.8
CRITICAL
CVE-2019-1010148
<= 8.3
zzcms version 8.3 and earlier is affected by: SQL Injection. The impact is: zzcms File Delete to Code Execution.
9.8
CRITICAL
CVE-2019-1010151
<= 8.3
zzcms 8.3 and earlier is affected by: File Delete to getshell. The impact is: getshell. The component is: /user/ppsave.php.
9.8
CRITICAL
CVE-2018-17416
all versions
A SQL injection vulnerability exists in zzcms v8.3 via the /admin/adclass.php bigclassid parameter.
7.2
HIGH
CVE-2018-17415
all versions
zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter.
8.8
HIGH
CVE-2018-17414
all versions
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.
8.8
HIGH
CVE-2018-17413
all versions
XSS exists in zzcms v8.3 via the /uploadimg_form.php noshuiyin parameter.
6.1
MEDIUM
CVE-2018-17412
all versions
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.
9.8
CRITICAL
CVE-2019-9078
all versions
zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter because inc/stopsqlin.php does not block a mixed-case string
5.4
MEDIUM
CVE-2019-8411
all versions
admin/dl_data.php in zzcms 2018 (2018-10-19) allows remote attackers to delete arbitrary files via action=del&filename=../ directo
7.5
HIGH
CVE-2018-18792
all versions
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs_list.php via a pxzs cookie.
9.8
CRITICAL
CVE-2018-18791
all versions
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/search.php via a pxzs cookie.
9.8
CRITICAL
CVE-2018-18790
all versions
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/special_add.php via a zxbigclassid cookie. (This needs an admi
7.2
HIGH
CVE-2018-18789
all versions
An issue was discovered in zzcms 8.3. SQL Injection exists in zt/top.php via a Host HTTP header to zt/news.php.
9.8
CRITICAL
CVE-2018-18788
all versions
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/classmanage.php via the tablename parameter. (This needs an ad
7.2
HIGH
CVE-2018-18787
all versions
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/zs.php via a pxzs cookie.
9.8
CRITICAL
CVE-2018-18786
all versions
An issue was discovered in zzcms 8.3. SQL Injection exists in ajax/zs.php via a pxzs cookie.
9.8
CRITICAL
CVE-2018-18785
all versions
An issue was discovered in zzcms 8.3. SQL Injection exists in zs/subzs.php with a zzcmscpid cookie to zs/search.php.
9.8
CRITICAL
CVE-2018-18784
all versions
An issue was discovered in zzcms 8.3. SQL Injection exists in admin/tagmanage.php via the tabletag parameter. (This needs an admin
7.2
HIGH
CVE-2018-17798
all versions
An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname
6.5
MEDIUM
CVE-2018-17797
all versions
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal se
6.5
MEDIUM
CVE-2018-17136
all versions
zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.
9.8
CRITICAL
CVE-2018-16344
all versions
An issue was discovered in zzcms 8.3. It allows remote attackers to delete arbitrary files via directory traversal sequences in th
7.5
HIGH
CVE-2018-1000653
<= 8.3
zzcms version 8.3 and earlier contains a SQL Injection vulnerability in zt/top.php line 5 that can result in could be attacked by
9.8
CRITICAL
CVE-2018-14963
all versions
zzcms 8.3 has CSRF via the admin/adminadd.php?action=add URI.
8.8
HIGH
CVE-2018-14962
all versions
zzcms 8.3 has stored XSS related to the content variable in user/manage.php and zt/show.php.
5.4
MEDIUM
CVE-2018-14961
all versions
dl/dl_sendmail.php in zzcms 8.3 has SQL Injection via the sql parameter.
9.8
CRITICAL
CVE-2018-13116
all versions
/user/del.php in zzcms 8.3 allows SQL injection via the tablename parameter after leveraging use of the zzcms_ask table.
9.8
CRITICAL
CVE-2018-13056
all versions
An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative p
7.5
HIGH
CVE-2018-9331
all versions
An issue was discovered in zzcms 8.2. user/adv.php allows remote attackers to delete arbitrary files via directory traversal seque
7.5
HIGH
CVE-2018-9309
all versions
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in a dl/dl_sendsms.php request.
9.8
CRITICAL
CVE-2018-8969
all versions
An issue was discovered in zzcms 8.2. user/licence_save.php allows remote attackers to delete arbitrary files via directory traver
7.5
HIGH
CVE-2018-8968
all versions
An issue was discovered in zzcms 8.2. user/manage.php allows remote attackers to delete arbitrary files via directory traversal se
7.5
HIGH
CVE-2018-8967
all versions
An issue was discovered in zzcms 8.2. It allows SQL injection via the id parameter in an adv2.php?action=modify request.
9.8
CRITICAL
CVE-2018-8966
all versions
An issue was discovered in zzcms 8.2. It allows PHP code injection via the siteurl parameter to install/index.php, as demonstrated
7.5
HIGH
CVE-2018-8965
all versions
An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal se
7.5
HIGH
CVE-2018-7434
all versions
zzcms 8.2 allows remote attackers to discover the full path via a direct request to 3/qq_connect2.0/API/class/ErrorCase.class.php
5.3
MEDIUM
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin