Cszcms: >> Csz Cms >> 1.1.5 Security Vulnerabilities
A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-30
core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.
CVSS Score
9.8
EPSS Score
0.508
Published
2019-06-30