Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Cszcms Subscribe
Filtered by product Csz Cms
Total 15 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27161 1 Cszcms 1 Csz Cms 2022-04-18 7.5 HIGH 9.8 CRITICAL
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers
CVE-2022-27165 1 Cszcms 1 Csz Cms 2022-04-18 7.5 HIGH 9.8 CRITICAL
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus
CVE-2022-27162 1 Cszcms 1 Csz Cms 2022-04-18 7.5 HIGH 9.8 CRITICAL
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
CVE-2022-27163 1 Cszcms 1 Csz Cms 2022-04-18 7.5 HIGH 9.8 CRITICAL
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
CVE-2022-27164 1 Cszcms 1 Csz Cms 2022-04-18 7.5 HIGH 9.8 CRITICAL
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers
CVE-2021-43701 1 Cszcms 1 Csz Cms 2022-04-05 4.0 MEDIUM 6.5 MEDIUM
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.
CVE-2020-21250 1 Cszcms 1 Csz Cms 2021-10-28 7.5 HIGH 9.8 CRITICAL
CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.
CVE-2021-37144 1 Cszcms 1 Csz Cms 2021-08-09 6.4 MEDIUM 9.1 CRITICAL
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.
CVE-2020-25391 1 Cszcms 1 Csz Cms 2021-07-12 3.5 LOW 5.4 MEDIUM
A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module.
CVE-2020-25392 1 Cszcms 1 Csz Cms 2021-07-12 3.5 LOW 5.4 MEDIUM
A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.
CVE-2021-26776 1 Cszcms 1 Csz Cms 2021-03-17 3.5 LOW 5.4 MEDIUM
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.
CVE-2021-3224 1 Cszcms 1 Csz Cms 2021-03-11 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.
CVE-2019-15524 1 Cszcms 1 Csz Cms 2019-08-30 7.5 HIGH 9.8 CRITICAL
CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.
CVE-2019-13086 1 Cszcms 1 Csz Cms 2019-07-03 7.5 HIGH 9.8 CRITICAL
core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.
CVE-2019-7566 1 Cszcms 1 Csz Cms 2019-02-07 6.8 MEDIUM 8.8 HIGH
CSZ CMS 1.1.8 has CSRF via admin/users/new/add.