Vulnerabilities > Cszcms > CSZ CMS > 1.2.2

DATE CVE VULNERABILITY TITLE RISK
2023-03-23 CVE-2020-19786 Unrestricted Upload of File with Dangerous Type vulnerability in Cszcms CSZ CMS 1.2.2
File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file.
network
low complexity
cszcms CWE-434
8.8
8.8
2022-04-12 CVE-2022-27161 SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers
network
low complexity
cszcms CWE-89
critical
 9.8
9.8
2022-04-12 CVE-2022-27162 SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
network
low complexity
cszcms CWE-89
critical
 9.8
9.8
2022-04-12 CVE-2022-27163 SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
network
low complexity
cszcms CWE-89
critical
 9.8
9.8
2022-04-12 CVE-2022-27164 SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers
network
low complexity
cszcms CWE-89
critical
 9.8
9.8
2022-04-12 CVE-2022-27165 SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus
network
low complexity
cszcms CWE-89
critical
 9.8
9.8
2019-06-30 CVE-2019-13086 SQL Injection vulnerability in Cszcms CSZ CMS
core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.
network
low complexity
cszcms CWE-89
critical
 9.8
9.8