📦 Zz

This critical vulnerability in zj1983 zz software allows attackers to perform Server-Side Request Forgery (SSRF) attacks by manipulating the 'url' parameter in the /import_data_check endpoint. Attacke...

This CVE describes an improper authorization vulnerability in zj1983 zz software up to version 2024-8. Attackers can exploit this remotely to bypass authorization controls and potentially access unaut...

This critical SSRF vulnerability in zj1983 zz software allows attackers to manipulate the 'url' parameter in the sendNotice function to make the server send unauthorized HTTP requests to internal syst...

This critical SQL injection vulnerability in zj1983 zz software allows remote attackers to execute arbitrary SQL commands via the user_id parameter in the GetDBUser function. Affected systems include ...

This CVE describes a critical SQL injection vulnerability in the zj1983 zz software that allows attackers to execute arbitrary SQL commands by manipulating the userID parameter in the getUserOrgForUse...

This critical SQL injection vulnerability in zj1983 zz software allows remote attackers to execute arbitrary SQL commands by manipulating the tableId parameter in the getOaWid function. Affected syste...

This critical vulnerability in zj1983 zz software allows remote attackers to upload arbitrary files without restrictions via the ZfileAction.upload function. Attackers can potentially upload malicious...

This CVE describes a Cross-Site Request Forgery (CSRF) vulnerability in zj1983 zz software up to version 2024-08. Attackers can trick authenticated users into performing unintended actions by crafting...