VYPR

CSZ CMS

by CSZ CMS

CVEs (27)

  • CVE-2019-13086CriJun 30, 2019
    risk 0.66cvss 9.8epss 0.32

    core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.

  • CVE-2024-25414CriFeb 16, 2024
    risk 0.64cvss 9.8epss 0.02

    An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.

  • CVE-2022-27165CriApr 12, 2022
    risk 0.64cvss 9.8epss 0.01

    CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus

  • CVE-2022-27164CriApr 12, 2022
    risk 0.64cvss 9.8epss 0.01

    CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers

  • CVE-2022-27163CriApr 12, 2022
    risk 0.64cvss 9.8epss 0.01

    CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser

  • CVE-2022-27162CriApr 12, 2022
    risk 0.64cvss 9.8epss 0.01

    CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser

  • CVE-2022-27161CriApr 12, 2022
    risk 0.64cvss 9.8epss 0.01

    Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers

  • CVE-2019-15524CriAug 26, 2019
    risk 0.64cvss 9.8epss 0.03

    CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.

  • CVE-2021-37144CriJul 30, 2021
    risk 0.59cvss 9.1epss 0.01

    CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.

  • CVE-2020-19786HigMar 23, 2023
    risk 0.57cvss 8.8epss 0.01

    File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file.

  • CVE-2019-7566HigFeb 7, 2019
    risk 0.57cvss 8.8epss 0.01

    CSZ CMS 1.1.8 has CSRF via admin/users/new/add.

  • CVE-2021-43701MedMar 29, 2022
    risk 0.46cvss 6.5epss 0.03

    CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.

  • CVE-2024-27734MedMar 1, 2024
    risk 0.40cvss 6.1epss 0.00

    A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component.

  • CVE-2023-41601MedSep 6, 2023
    risk 0.40cvss 6.1epss 0.00

    Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.

  • CVE-2023-38910MedAug 18, 2023
    risk 0.40cvss 6.1epss 0.00

    CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.

  • CVE-2024-27752MedApr 19, 2024
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the Default Keyword field in the settings function.

  • CVE-2023-39599MedAug 22, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.

  • CVE-2023-38911MedAug 18, 2023
    risk 0.35cvss 5.4epss 0.00

    A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.

  • CVE-2020-25392MedJul 9, 2021
    risk 0.35cvss 5.4epss 0.00

    A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.

  • CVE-2020-25391MedJul 9, 2021
    risk 0.35cvss 5.4epss 0.00

    A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module.

Page 1 of 2