← Back

Zomplog

zomplog

Vendor: Zomp • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Zomp
1Zomplog
Jun 17, 2026
Dec 15, 2025
8.6 HIGH· v4
8.8 HIGH· v3
N/A· v2
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files (such as JavaScript)...Show more
Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to inject and execute arbitrary PHP code through file manipulation endpoints. Attackers can upload files (such as JavaScript) and rename them to .php via the saveE and rename actions, then execute the resulting PHP payload to run system commands.Show less
1Zomp
1Zomplog
Jun 17, 2026
Dec 15, 2025
5.1 MEDIUM· v4
5.4 MEDIUM· v3
N/A· v2
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute...Show more
Zomplog 3.9 contains a cross-site scripting vulnerability that allows authenticated users to inject malicious scripts when creating new pages. Attackers can craft malicious image source and onerror attributes to execute arbitrary JavaScript code in victim's browser.Show less
1Zomp
1Zomplog
Apr 23, 2026
May 20, 2008
N/A· v4
N/A· v3
7.5 HIGH· v2
Zomplog 3.8.2 and earlier allows remote attackers to gain administrative access by creating an admin account via a direct request to install/newuser.php with the admin parameter set to 1.
1Zomp
1Zomplog
Apr 23, 2026
May 13, 2008
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in admin/category.php in Zomplog 3.8.2 allows remote attackers to inject arbitrary web script or HTML via the catname parameter.