2 matches found
CVE-2019-13086
core/MYSecurity.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrfcsz parameter...
CVE-2019-13086
CSZ CMS 1.2.2 (before 2019-06-20) contains a SQL injection in core/MY_Security.php at the member/login/check path, triggered by a crafted HTTP User-Agent header and omission of the csrf_csz parameter. Root cause: lack of validation/sanitization in the SQL statement when processing the User-Agent ...