Vulnerability Details CVE-2021-43701
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.3%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/166535/CSZ-CMS-1.2.9-SQL-Injection.html
- https://github.com/cskaza/cszcms/issues/31
- https://www.exploit-db.com/exploits/50846
- http://packetstormsecurity.com/files/166535/CSZ-CMS-1.2.9-SQL-Injection.html
- https://github.com/cskaza/cszcms/issues/31
- https://www.exploit-db.com/exploits/50846