Tribalsystems: >> Zenario >> 8.8.52729 Security Vulnerabilities
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
CVSS Score
9.1
EPSS Score
0.011
Published
2021-04-16
SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to obtain sesnitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.
CVSS Score
4.9
EPSS Score
0.002
Published
2021-04-15
Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
CVSS Score
4.8
EPSS Score
0.002
Published
2021-04-15