Cszcms: >> Csz Cms >> 1.2.3 Security Vulnerabilities
A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-10-30
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.
CVSS Score
9.8
EPSS Score
0.024
Published
2019-08-26