Vulnerabilities > Cszcms

DATE	CVE	VULNERABILITY TITLE	RISK
2022-04-12	CVE-2022-27165	SQL Injection vulnerability in Cszcms CSZ CMS 1.2.2 CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus network low complexity cszcms CWE-89 critical	9.8
2022-03-29	CVE-2021-43701	SQL Injection vulnerability in Cszcms CSZ CMS 1.2.9 CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters. network low complexity cszcms CWE-89	6.5
2021-10-27	CVE-2020-21250	SQL Injection vulnerability in Cszcms CSZ CMS 1.2.4 CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php. network low complexity cszcms CWE-89 critical	9.8
2021-07-30	CVE-2021-37144	Use of Incorrectly-Resolved Name or Reference vulnerability in Cszcms CSZ CMS 1.2.9 CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. network low complexity cszcms CWE-706 critical	9.1
2021-07-09	CVE-2020-25391	Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module. network low complexity cszcms CWE-79	5.4
2021-07-09	CVE-2020-25392	Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin. network low complexity cszcms CWE-79	5.4
2021-03-11	CVE-2021-26776	Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. network low complexity cszcms CWE-79	5.4
2021-03-10	CVE-2021-3224	Cross-site Scripting vulnerability in Cszcms CSZ CMS 1.2.9 A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter. network low complexity cszcms CWE-79	5.4
2019-08-26	CVE-2019-15524	Unrestricted Upload of File with Dangerous Type vulnerability in Cszcms CSZ CMS 1.2.3 CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI. network low complexity cszcms CWE-434 critical	9.8
2019-06-30	CVE-2019-13086	SQL Injection vulnerability in Cszcms CSZ CMS core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter. network low complexity cszcms CWE-89 critical	9.8

Vulnerabilities > Cszcms {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cszcms"}]}

Vulnerabilities > Cszcms