Vulnerabilities > Aas9 > Zerocms > 1.3.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-02-06 | CVE-2015-1442 | SQL Injection vulnerability in Aas9 Zerocms 1.0/1.3.2/1.3.3 SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. | 7.5 |