CRITICAL🇵🇱 Wersja polska

CVE-2024-58307

CVSS 9.3v4.0pub. 2025-12-11upd. 2025-12-22

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Cszcms Csz Cms

    APP
    Cszcms
    1.3.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2024-25414CRITICAL9.8PL ✓ten sam produkt

CSZ CMS 1.3.0 — arbitrary file upload umożliwiający RCE

CVE-2022-27161CRITICAL9.8ten sam produkt

Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers

CVE-2022-27162CRITICAL9.8ten sam produkt

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser

CVE-2022-27163CRITICAL9.8ten sam produkt

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser

CVE-2022-27164CRITICAL9.8ten sam produkt

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers