3 matches found
CVE-2021-26830
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the ID input field of ajax.php in the Pugin library - delete module...
CVE-2021-26830
The CVE-2021-26830 issue affects Tribalsystems Zenario CMS 8.8.52729, where a SQL Injection vulnerability exists in the Pugin library - delete path, via the ID input in ajax.php. The root cause is lack of input sanitization on the ID parameter, allowing remote attackers to access the database or ...
Zenario CMS 8.8.53370 - 'id' Blind SQL Injection
Exploit Title: Zenario CMS 8.8.53370 - 'id' Blind SQL Injection Date: 05/02/2021 Exploit Author: Balaji Ayyasamy Vendor Homepage: https://zenar.io/ Software Link: https://github.com/TribalSystems/Zenario/releases/tag/8.8 Version: 8.8.53370 Tested on: Windows 10 Pro 19041 x6486 + XAMPP 7.4.14 CVE:...