Search Results | AttackerKB

Show filters

Topics 5 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

5 Total Results

Displaying 1-5 of 5

Attacker Value

Unknown

CVE-2022-44361

Disclosure Date: December 07, 2022 (last updated October 08, 2023)

An issue was discovered in ZZCMS 2022. There is a cross-site scripting (XSS) vulnerability in admin/ad_list.php.

Attack Vector: Network Privileges: Low User Interaction: Required

0

Attacker Value

Unknown

CVE-2022-40447

Disclosure Date: September 22, 2022 (last updated October 08, 2023)

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the keyword parameter at /admin/baojia_list.php.

Attack Vector: Network Privileges: High User Interaction: None

0

Attacker Value

Unknown

CVE-2022-40446

Disclosure Date: September 22, 2022 (last updated October 08, 2023)

ZZCMS 2022 was discovered to contain a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=.

Attack Vector: Network Privileges: High User Interaction: None

0

Attacker Value

Unknown

CVE-2022-40444

Disclosure Date: September 22, 2022 (last updated October 08, 2023)

ZZCMS 2022 was discovered to contain a full path disclosure vulnerability via the page /admin/index.PHP? _server.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2022-40443

Disclosure Date: September 22, 2022 (last updated October 08, 2023)

An absolute path traversal vulnerability in ZZCMS 2022 allows attackers to obtain sensitive information via a crafted GET request sent to /one/siteinfo.php.

Attack Vector: Network Privileges: None User Interaction: None

0