zhuxianjin

5 exploits Active since Oct 2021
CVE-2020-19954 WRITEUP HIGH WRITEUP
S-CMS 3.0 - XML External Entity Arbitrary File Read
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
CVSS 7.5
CVE-2020-19957 WRITEUP HIGH WRITEUP
zzcms 2019 - SQL Injection via dl_print.php id Parameter
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.
CVSS 7.5
CVE-2020-19959 WRITEUP HIGH WORKING POC
zzcms 2019 - SQL Injection via dlid Parameter in dl_sendmail.php
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.
CVSS 7.5
CVE-2020-19960 WRITEUP HIGH WRITEUP
zzcms 2019 - SQL Injection via dlid Parameter in dl_sendsms.php
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.
CVSS 7.5
CVE-2020-19961 WRITEUP HIGH WRITEUP
zzcms 2019 - SQL Injection via subzs.php
A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.
CVSS 7.5