zanfi_solutions 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk sql injection and パス処理の欠陥 があり、vendor surface software deployment and vendor surface production workloads の利用場面で vendor impact data exposure and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2008-4159 | SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter. | [email protected] | 7.5 | 0.41% | 2008-09-22 | 2026-04-23 |
| CVE-2008-4158 | Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters. | [email protected] | 6.8 | 3.29% | 2008-09-22 | 2026-04-23 |
| CVE-2008-4074 | SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action. | [email protected] | 7.5 | 0.58% | 2008-09-15 | 2026-04-23 |
| CVE-2008-4073 | SQL injection vulnerability in index.php in Zanfi Autodealers CMS AutOnline allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a DBpAGE action. | [email protected] | 7.5 | 0.63% | 2008-09-15 | 2026-04-23 |
| CVE-2004-2196 | Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others. | [email protected] | 5.0 | 1.28% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2195 | PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter. | [email protected] | 5.0 | 0.83% | 2004-12-31 | 2026-04-16 |