Zframeworks Zz vulnerabilities
14 known vulnerabilities affecting zframeworks/zz.
Total CVEs
14
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH7MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2025-1834P2CRITICALCVSS 9.8≤ 2024-82025-03-02
CVE-2025-1834 [CRITICAL] CWE-284 CVE-2025-1834: A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects
A vulnerability, which was classified as critical, was found in zj1983 zz up to 2024-8. This affects an unknown part of the file /resolve. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early abo
nvd
CVE-2025-1818P2CRITICALCVSS 9.8≤ 2024-82025-03-02
CVE-2025-1818 [CRITICAL] CWE-284 CVE-2025-1818: A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This is
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This issue affects some unknown processing of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.upload. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the
nvd
CVE-2025-1812P3HIGHCVSS 8.8fixed in 2024-82025-03-02
CVE-2025-1812 [HIGH] CWE-74 CVE-2025-1812: A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the fu
A vulnerability classified as critical has been found in zj1983 zz up to 2024-08. Affected is the function GetUserOrg of the file com/futvan/z/framework/core/SuperZ.java. The manipulation of the argument userId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor wa
nvd
CVE-2025-1820P3HIGHCVSS 8.8≤ 2024-82025-03-02
CVE-2025-1820 [HIGH] CWE-74 CVE-2025-1820: A vulnerability has been found in zj1983 zz up to 2024-8 and classified as critical. Affected by thi
A vulnerability has been found in zj1983 zz up to 2024-8 and classified as critical. Affected by this vulnerability is the function getOaWid of the file src/main/java/com/futvan/z/system/zworkflow/ZworkflowAction.java. The manipulation of the argument tableId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to t
nvd
CVE-2025-1832P3HIGHCVSS 8.8fixed in 2024-82025-03-02
CVE-2025-1832 [HIGH] CWE-74 CVE-2025-1832: A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnera
A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is the function getUserList of the file src/main/java/com/futvan/z/system/zrole/ZroleAction.java. The manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and m
nvd
CVE-2025-1833P3HIGHCVSS 8.8fixed in 2024-82025-03-02
CVE-2025-1833 [HIGH] CWE-918 CVE-2025-1833: A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affecte
A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. Affected by this issue is the function sendNotice of the file src/main/java/com/futvan/z/erp/customer_notice/Customer_noticeAction.java of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack m
nvd
CVE-2025-1848P3HIGHCVSS 8.8≤ 2024-82025-03-03
CVE-2025-1848 [HIGH] CWE-918 CVE-2025-1848: A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is an unkn
A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is an unknown function of the file /import_data_check. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted ea
nvd
CVE-2025-1849P3HIGHCVSS 8.8fixed in 2024-82025-03-03
CVE-2025-1849 [HIGH] CWE-918 CVE-2025-1849: A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnera
A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is an unknown functionality of the file /import_data_todb. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was
nvd
CVE-2025-1831P3CRITICALCVSS 9.8≤ 2024-82025-03-02
CVE-2025-1831 [CRITICAL] CWE-74 CVE-2025-1831: A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the fun
A vulnerability classified as critical has been found in zj1983 zz up to 2024-8. Affected is the function GetDBUser of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be u
nvd
CVE-2025-1821P3CRITICALCVSS 9.8≤ 2024-82025-03-02
CVE-2025-1821 [CRITICAL] CWE-74 CVE-2025-1821: A vulnerability was found in zj1983 zz up to 2024-8 and classified as critical. Affected by this iss
A vulnerability was found in zj1983 zz up to 2024-8 and classified as critical. Affected by this issue is the function getUserOrgForUserId of the file src/main/java/com/futvan/z/system/zorg/ZorgAction.java. The manipulation of the argument userID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public
nvd
CVE-2025-1847P3HIGHCVSS 8.8≤ 2024-82025-03-03
CVE-2025-1847 [HIGH] CWE-266 CVE-2025-1847: A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affec
A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in a
nvd
CVE-2025-1846P3MEDIUMCVSS 6.5fixed in 2024-82025-03-03
CVE-2025-1846 [MEDIUM] CWE-404 CVE-2025-1846: A vulnerability was found in zj1983 zz up to 2024-8. It has been declared as problematic. This vulne
A vulnerability was found in zj1983 zz up to 2024-8. It has been declared as problematic. This vulnerability affects the function deleteLocalFile of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.java of the component File Handler. The manipulation of the argument zids leads to denial of service. The attack can be initiated remotely. The
nvd
CVE-2025-1813P3MEDIUMCVSS 6.5≤ 2024-82025-03-02
CVE-2025-1813 [MEDIUM] CWE-352 CVE-2025-1813: A vulnerability classified as problematic was found in zj1983 zz up to 2024-08. Affected by this vul
A vulnerability classified as problematic was found in zj1983 zz up to 2024-08. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did
nvd
CVE-2025-1830P4MEDIUMCVSS 4.8≤ 2024-82025-03-02
CVE-2025-1830 [MEDIUM] CWE-79 CVE-2025-1830: A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue af
A vulnerability was found in zj1983 zz up to 2024-8. It has been rated as problematic. This issue affects some unknown processing of the component Customer Information Handler. The manipulation of the argument Customer Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
nvd