CRITICAL🇵🇱 Wersja polska

CVE-2021-37144

CVSS 9.1v3.1pub. 2021-07-30upd. 2024-11-21

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Cszcms Csz Cms

    APP
    Cszcms
    1.2.9
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-58307CRITICAL9.3PL ✓ten sam produkt

SQL Injection w CSZCMS 1.3.0 — funkcja podglądu członków

CVE-2024-25414CRITICAL9.8PL ✓ten sam produkt

CSZ CMS 1.3.0 — arbitrary file upload umożliwiający RCE

CVE-2022-27162CRITICAL9.8ten sam produkt

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser

CVE-2022-27163CRITICAL9.8ten sam produkt

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser

CVE-2022-27161CRITICAL9.8ten sam produkt

Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers