CVE-2022-27163

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser

CVE-2022-27162

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser

CVE-2019-13086

core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.

CVE-2022-27161

Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers

CVE-2022-27165

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus

CVE-2024-25414

An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.

CVE-2022-27164

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers

CVE-2021-37144

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.

CVE-2020-21250

CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.

CVE-2019-15524

CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.