📦 Zkeacms

CVE-2025-52239 is an arbitrary file upload vulnerability in ZKEACMS v4.1 that allows attackers to upload malicious files and execute arbitrary code on the server. This affects all systems running the ...

This vulnerability allows attackers to upload arbitrary HTML files to the ZKEACMS admin media upload endpoint, which can lead to remote code execution. Attackers can craft malicious HTML files that ex...

This CVE describes a path traversal vulnerability in SeriaWei ZKEACMS up to version 4.3. Attackers can manipulate the ID parameter in the Download function to access arbitrary files on the server. Org...

This vulnerability allows remote attackers to perform server-side request forgery (SSRF) attacks against SeriaWei ZKEACMS installations up to version 4.3. Attackers can manipulate the CheckPage/Sugges...

This vulnerability in SeriaWei ZKEACMS allows attackers to perform server-side request forgery (SSRF) attacks by manipulating the Data argument in the Edit function of the PendingTaskController. Attac...