CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Aas9: >> Zerocms >> 1.3.3 Security Vulnerabilities

CVE-2015-1442

SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034.

CVSS Score

7.5

EPSS Score

0.01

Published

2015-02-06

Page 1

Vulnerabilities

Vulnerable Software

Aas9: >> Zerocms >> 1.3.3 Security Vulnerabilities

Products

Pricing

Contact Us