Unrated severityNVD Advisory· Published Dec 11, 2025· Updated Apr 7, 2026

CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint

CVE-2024-58307

Description

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.

Affected products

CSZ CMS/CSZ CMSllm-fuzzy
Range: = 1.3.0
cszcms/CSZCMSv5
Range: 1.3.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.exploit-db.com/exploits/51916mitreexploit
www.vulncheck.com/advisories/cszcms-authenticated-sql-injection-via-members-view-endpointmitrethird-party-advisory
sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/downloadmitreproduct
www.cszcms.commitreproduct

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000