1.3.3

DATE	CVE	VULNERABILITY TITLE	RISK
2015-02-06	CVE-2015-1442	SQL Injection vulnerability in Aas9 Zerocms 1.0/1.3.2/1.3.3 SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. network low complexity aas9 CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.