Cszcms CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Cszcms Subscriptions

Search

Switch to Advanced Search (Beta)

Total 28 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-37144	1 Cszcms	1 Csz Cms	2024-11-21	9.1 Critical
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.
CVE-2021-26776	1 Cszcms	1 Csz Cms	2024-11-21	5.4 Medium
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.
CVE-2020-25392	1 Cszcms	1 Csz Cms	2024-11-21	5.4 Medium
A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.
CVE-2020-25391	1 Cszcms	1 Csz Cms	2024-11-21	5.4 Medium
A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module.
CVE-2020-21250	1 Cszcms	1 Csz Cms	2024-11-21	9.8 Critical
CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.
CVE-2019-7566	1 Cszcms	1 Csz Cms	2024-11-21	N/A
CSZ CMS 1.1.8 has CSRF via admin/users/new/add.
CVE-2019-15524	1 Cszcms	1 Csz Cms	2024-11-21	N/A
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.
CVE-2019-13086	1 Cszcms	1 Csz Cms	2024-11-21	N/A
core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.

« first previous Page 2 of 2.