zhuxianjin - Security Researcher - Exploit Intelligence Platform

CVE-2020-19954 WRITEUP HIGH WRITEUP

S-cms - XXE

An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.

CVSS 7.5

View Code

CVE-2020-19957 WRITEUP HIGH WRITEUP

Zzcms - SQL Injection

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the id parameter on the /dl/dl_print.php page.

CVSS 7.5

View Code

CVE-2020-19959 WRITEUP HIGH WORKING POC

Zzcms - SQL Injection

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendmail.php page cookie.

CVSS 7.5

View Code

CVE-2020-19960 WRITEUP HIGH WRITEUP

Zzcms - SQL Injection

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the dlid parameter in the /dl/dl_sendsms.php page cookie.

CVSS 7.5

View Code

CVE-2020-19961 WRITEUP HIGH WRITEUP

Zzcms - SQL Injection

A SQL injection vulnerability has been discovered in zz cms version 2019 which allows attackers to retrieve sensitive data via the component subzs.php.

CVSS 7.5

View Code