CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HCszcms Csz Cms
APPCszcms1.2.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
Related vulnerabilities
CVE-2024-58307CRITICAL9.3PL ✓ten sam produkt
SQL Injection w CSZCMS 1.3.0 — funkcja podglądu członków
CVE-2024-25414CRITICAL9.8PL ✓ten sam produkt
CSZ CMS 1.3.0 — arbitrary file upload umożliwiający RCE
CVE-2022-27162CRITICAL9.8ten sam produkt
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
CVE-2022-27163CRITICAL9.8ten sam produkt
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
CVE-2022-27161CRITICAL9.8ten sam produkt
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers