82 matches found
Server side request forgery (ssrf)
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery SSRF which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/...
CVE-2022-28997
CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery SSRF which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/...
CVE-2022-28997
CSZCMS v1.3.0 is affected by a Server-Side Request Forgery (SSRF) vulnerability that can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/. The issue, documented in CVE-2022-28997 and reported across multiple sources (NVD, Red Hat, CVE List, etc.), in...
CSZCMS 代码问题漏洞
CSZCMS is an open source web application that allows managing all content and settings on a website. A security vulnerability exists in CSZCMS version 1.3.0 that originates from the leakage of sensitive data via local files in /admin/filemanager/connector/...
CVE-2022-27164
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcmsadminUsersviewUsers...
CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution Vulnerabilities
Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows, MySQL, Apache 1 -...
CSZCMS 1.3.0 SSRF / LFI / Remote Code Execution
Title: CSZCMS V1.3.0 - SSRF To LFI To Rce Author: Hejap Zairy Date: 07.04.2022 Vendor: https://sourceforge.net/projects/cszcms/files/install/ Software: https://liquidtelecom.dl.sourceforge.net/project/cszcms/install/CSZCMS-V1.3.0.zip Reference: https://github.com/Matrix07ksa Tested on: Windows,...
CVE-2021-46377
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.phpviewUser...
CVE-2021-46377
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.phpviewUser...
CVE-2021-46377
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.phpviewUser...
Sql injection
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.phpviewUser...
CVE-2021-46377
CSZ CMS 1.2.9 contains a front-end SQL injection vulnerability exploitable through cszcms/controllers/Member.php#viewUser. The issue is documented across multiple sources (CVE-2021-46377) with high severity (CVSSv3.1 base score 9.8; impact to confidentiality, integrity, and availability) and a ne...
CVE-2021-46377
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.phpviewUser...
SQL Injection Vulnerability in cszcms (CNVD-2021-39092)
cszcms is an open source web application that allows to manage all the content and settings on the website. A SQL injection vulnerability exists in cszcms. An attacker can exploit the vulnerability to obtain sensitive information about the database...
SQL Injection Vulnerability in cszcms
cszcms is an open source content management system. cszcms has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...
CVE-2021-3224
A stored cross-site scripting XSS vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter...
CVE-2021-3224
A stored cross-site scripting XSS vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter...
Cross site scripting
A stored cross-site scripting XSS vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter...
CVE-2021-3224
CSZ CMS 1.2.9 contains a stored XSS in /admin/pages/new via the content parameter. This CVE (CVE-2021-3224) is consistently described across multiple feeds (NVD, CNVD, Red Hat, CNVD CNVD, etc.) as a stored XSS vulnerability in CSZ CMS. The core issue is input in the content field being reflected ...
CVE-2021-3224
A stored cross-site scripting XSS vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter...