← Back

Zwiicms

zwiicms

Vendor: Zwiicms • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-34467
1Zwiicms
1Zwiicms
Feb 2, 2026
Dec 31, 2025
5.3 MEDIUM· v4
4.3 MEDIUM· v3
N/A· v2
ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated...Show more
ZwiiCMS versions prior to 13.7.00 contain a denial-of-service vulnerability in multiple administrative endpoints due to improper authorization checks combined with flawed resource state management. When an authenticated low-privilege user requests an administrative page, the application returns "404 Not Found" as expected, but incorrectly acquires and associates a temporary lock on the targeted resource with the attacker session prior to authorization. This lock prevents other users, including administrators, from accessing the affected functionality until the attacker navigates away or the session is terminated.Show less
CVE-2025-57130
1Zwiicms
1Zwiicms
Feb 2, 2026
Nov 5, 2025
N/A· v4
8.8 HIGH· v3
N/A· v2
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a lo...Show more
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user, including administrators.Show less