Vulnerabilities > Cszcms > CSZ CMS > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-04-12 | CVE-2022-27161 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers | 7.5 |
2022-04-12 | CVE-2022-27162 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser | 7.5 |
2022-04-12 | CVE-2022-27163 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser | 7.5 |
2022-04-12 | CVE-2022-27164 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers | 7.5 |
2022-04-12 | CVE-2022-27165 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus | 7.5 |
2021-10-27 | CVE-2020-21250 | SQL Injection vulnerability in Cszcms CSZ CMS 1.2.4 CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php. | 7.5 |
2019-08-26 | CVE-2019-15524 | Unrestricted Upload of File with Dangerous Type vulnerability in Cszcms CSZ CMS 1.2.3 CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. | 7.5 |
2019-06-30 | CVE-2019-13086 | SQL Injection vulnerability in Cszcms CSZ CMS core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. | 7.5 |