Exploitation Summary
EIP tracks 1 public exploit for CVE-2015-7346. PoCs published by hyp3rlinx.
AI-analyzed exploit summary This exploit demonstrates SQL injection and persistent XSS vulnerabilities in ZCMS 1.1. It includes payloads to bypass admin authentication and inject malicious scripts into the database or comment fields.
Description
SQL injection vulnerability in ZCMS 1.1.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by hyp3rlinx · textwebappsjsp
https://www.exploit-db.com/exploits/37272
This exploit demonstrates SQL injection and persistent XSS vulnerabilities in ZCMS 1.1. It includes payloads to bypass admin authentication and inject malicious scripts into the database or comment fields.
Classification
Working Poc 90%
Attack Type
Sqli | Xss | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
ZCMS 1.1
No auth needed
Prerequisites:
Access to the login page · Basic knowledge of SQL injection and XSS
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
http://hyp3rlinx.altervista.org/advisories/AS-ZCMS0612.txt
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/132286/ZCMS-1.1-Cross-Site-Scripting-SQL-Injection.html
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/37272/
Scores
CVSS v3
9.8
EPSS
0.0415
EPSS Percentile
89.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-89
Status
published
Products (1)
zcms_project/zcms
1.1
Published
Jun 07, 2017
Tracked Since
Feb 18, 2026