Filtered by vendor Cszcms
Subscriptions
Filtered by product Cszcms
Subscriptions
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-58307 | 1 Cszcms | 1 Cszcms | 2025-12-12 | N/A |
| CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information. | ||||
| CVE-2024-25414 | 1 Cszcms | 2 Csz Cms, Cszcms | 2025-03-14 | 9.8 Critical |
| An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. | ||||
| CVE-2022-28997 | 1 Cszcms | 1 Cszcms | 2024-11-21 | 7.5 High |
| CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. | ||||
Page 1 of 1.