📦 Csz Cms
by Cszcms
⚠️ Known Vulnerabilities
CVE-2024-25414 is a critical arbitrary file upload vulnerability in CSZ CMS v1.3.0 that allows attackers to upload malicious Zip files containing PHP shells to the /admin/upgrade endpoint, leading to ...
CVE-2022-27161 is a critical SQL injection vulnerability in CSZ CMS 1.2.2 that allows attackers to execute arbitrary SQL commands via the cszcms_admin_Members_viewUsers endpoint. This affects all syst...
CVE-2022-27163 is a critical SQL injection vulnerability in CSZ CMS 1.2.2 that allows attackers to execute arbitrary SQL commands through the admin user edit functionality. This affects all systems ru...
CVE-2022-27165 is a critical SQL injection vulnerability in CSZ CMS 1.2.2 that allows attackers to execute arbitrary SQL commands via the cszcms_admin_Plugin_manager_setstatus endpoint. This affects a...
CVE-2020-21250 is an arbitrary file upload vulnerability in CSZ CMS v1.2.4 that allows attackers to upload malicious files to the server. This affects all systems running the vulnerable version of CSZ...
CVE-2021-37144 is an arbitrary file deletion vulnerability in CSZ CMS 1.2.9 that allows attackers to delete files on the server by exploiting insufficient input sanitization in PHP's unlink() function...
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality. Authenticated attackers can inject malicious SQL code through the view parameter to execute time-b...
This vulnerability allows attackers to upload malicious PHP files through CSZ CMS's file upload functionality, leading to remote code execution. It affects all users running CSKaza CSZ CMS versions be...
This SQL injection vulnerability in CSZ-CMS allows authenticated administrators to execute arbitrary SQL queries through the Form Builder view functionality. It affects all installations running CSZ-C...
This SQL injection vulnerability in CSZ-CMS v1.3.0 allows remote attackers to execute arbitrary SQL commands through the execSqlFile function in Upgrade.php. Attackers can potentially read, modify, or...