Cszcms: >> Csz Cms >> 1.2.2 Security Vulnerabilities
File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-03-23
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers
CVSS Score
9.8
EPSS Score
0.003
Published
2022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus
CVSS Score
9.8
EPSS Score
0.002
Published
2022-04-12
core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.
CVSS Score
9.8
EPSS Score
0.508
Published
2019-06-30