CVE-2014-4034
published 2014-06-11CVE-2014-4034: SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
PriorityP353high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
6.25%
92.7th percentile
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aas9 | zerocms | <= 1.3.3 | — |
| aas9 | zerocms | — | — |
| aas9 | zerocms | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-j49p-v92f-mgvj: SQL injection vulnerability in views/zero_transact_user
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2015-1442 [HIGH] CWE-89 GHSA-j49p-v92f-mgvj: SQL injection vulnerability in views/zero_transact_user
SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034.
GHSA
GHSA-4ggm-3cfx-2c89: SQL injection vulnerability in zero_view_article
ghsa_unreviewed·2022-05-17
CVE-2014-4034 [HIGH] CWE-89 GHSA-4ggm-3cfx-2c89: SQL injection vulnerability in zero_view_article
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/127005/ZeroCMS-1.0-SQL-Injection.htmlhttp://packetstormsecurity.com/files/130192/ZeroCMS-1.3.3-SQL-Injection.htmlhttp://seclists.org/fulldisclosure/2015/Feb/4http://seclists.org/oss-sec/2015/q1/379http://seclists.org/oss-sec/2015/q1/380http://secunia.com/advisories/59182http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-14.htmlhttp://sroesemann.blogspot.de/2015/01/sroeadv-2015-13.htmlhttp://sroesemann.blogspot.de/2015/02/addition-for-advisory-sroeadv-2015-14.htmlhttp://www.exploit-db.com/exploits/33702http://www.securityfocus.com/bid/67953http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5186.phphttps://exchange.xforce.ibmcloud.com/vulnerabilities/100588http://packetstormsecurity.com/files/127005/ZeroCMS-1.0-SQL-Injection.htmlhttp://packetstormsecurity.com/files/130192/ZeroCMS-1.3.3-SQL-Injection.htmlhttp://seclists.org/fulldisclosure/2015/Feb/4http://seclists.org/oss-sec/2015/q1/379http://seclists.org/oss-sec/2015/q1/380http://secunia.com/advisories/59182http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-14.htmlhttp://sroesemann.blogspot.de/2015/01/sroeadv-2015-13.htmlhttp://sroesemann.blogspot.de/2015/02/addition-for-advisory-sroeadv-2015-14.htmlhttp://www.exploit-db.com/exploits/33702http://www.securityfocus.com/bid/67953http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5186.phphttps://exchange.xforce.ibmcloud.com/vulnerabilities/100588
2014-06-11
Published