Cszcms: >> Csz Cms Security Vulnerabilities
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.
CVSS Score
6.5
EPSS Score
0.001
Published
2022-03-29
CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.
CVSS Score
9.8
EPSS Score
0.005
Published
2021-10-27
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.
CVSS Score
9.1
EPSS Score
0.003
Published
2021-07-30
A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-09
A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-09
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-03-11
A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-03-10