seedis

6 exploits Active since Sep 2018
CVE-2018-17412 WRITEUP CRITICAL WRITEUP
zzcms v8.3 - SQL Injection via X-Forwarded-For HTTP Header
zzcms v8.3 contains a SQL Injection vulnerability in /user/logincheck.php via an X-Forwarded-For HTTP header.
CVSS 9.8
CVE-2018-17414 WRITEUP HIGH WRITEUP
zzcms 8.3 - SQL Injection via jobmanage.php bigclass Parameter
zzcms v8.3 has a SQL injection in /user/jobmanage.php via the bigclass parameter.
CVSS 8.8
CVE-2018-17415 WRITEUP HIGH WRITEUP
zzcms V8.3 - SQL Injection via id Parameter
zzcms V8.3 has a SQL injection in /user/zs_elite.php via the id parameter.
CVSS 8.8
CVE-2018-17797 WRITEUP MEDIUM WRITEUP
zzcms 8.3 - Path Traversal and Arbitrary File Deletion via oldimg Parameter
An issue was discovered in zzcms 8.3. user/zssave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
CVSS 6.5
CVE-2018-17798 WRITEUP MEDIUM WRITEUP
zzcms 8.3 - Unauthenticated Arbitrary File Deletion via oldimg Parameter
An issue was discovered in zzcms 8.3. user/ztconfig.php allows remote attackers to delete arbitrary files via an absolute pathname in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock.
CVSS 6.5
CVE-2018-18381 WRITEUP MEDIUM WRITEUP
Z-BlogPHP 1.5.2.1935 - Stored Cross-Site Scripting via Content-Type Header
Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.
CVSS 5.4