Every CVE whose affected-product data names Zzzcms Zzzphp, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2020-20298 — CVSS 9.8 (critical): Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote…
CVE-2021-32605 — CVSS 9.8 (critical): zzzcms zzzphp before 2.0.4 allows remote attackers to execute arbitrary OS commands by placing them in the keys parameter of a…
CVE-2019-10647 — CVSS 9.8 (critical): ZZZCMS zzzphp v1.6.3 allows remote attackers to execute arbitrary PHP code via a .php URL in the plugins/ueditor/php/controller.php?action=c…
CVE-2019-16722 — CVSS 9.8 (critical): ZZZCMS zzzphp v1.7.2 has an insufficient protection mechanism against PHP Code Execution, because passthru bypasses an str_ireplace…
CVE-2019-17408 — CVSS 9.8 (critical): parserIfLabel in inc/zzz_template.php in ZZZCMS zzzphp 1.7.3 allows remote attackers to execute arbitrary code because the danger_key…
CVE-2022-23881 — CVSS 9.8 (critical): ZZZCMS zzzphp v2.1.0 was discovered to contain a remote command execution (RCE) vulnerability via danger_key() at zzz_template.php.
CVE-2020-18717 — CVSS 9.8 (critical): SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execute arbitrary code due to a lack of parameter filtering in…
CVE-2020-24877 — CVSS 9.8 (critical): A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a possible access restriction bypass.
CVE-2019-9182 — CVSS 8.8 (high): There is a CSRF in ZZZCMS zzzphp V1.6.1 via a /admin015/save.php?act=editfile request. It allows PHP code injection by providing a filename…
CVE-2018-20127 — CVSS 7.5 (high): An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case…
CVE-2019-16720 — CVSS 7.5 (high): ZZZCMS zzzphp v1.7.2 does not properly restrict file upload in plugins/ueditor/php/controller.php?upfolder=news&action=catchimage, as…
CVE-2019-9041 — CVSS 7.2 (high): An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict…