CSZCMS is an open source web application that allows to manage all the content and settings on the website. A SQL injection vulnerability exists in CSZCMS version 1.2.9, which stems from a lack of validation of externally entered SQL statements in the pm_sendmail parameter in csz_model.php. An attacker can exploit this vulnerability to execute illegal SQL commands to steal sensitive database data.
CPE | Name | Operator | Version |
---|---|---|---|
cszcms cszcms | eq | 1.2.9 |