Vulnerabilities > Cskaza > Cszcms > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-09 CVE-2023-34545 SQL Injection vulnerability in Cskaza Cszcms 1.3.0
A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL.
network
low complexity
cskaza CWE-89
critical
 9.8
9.8
2022-01-27 CVE-2021-46377 SQL Injection vulnerability in Cskaza Cszcms 1.2.9
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser
network
low complexity
cskaza CWE-89
critical
 9.8
9.8