Home

Description

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.

PUBLISHED Reserved 2025-12-11 | Published 2025-12-11 | Updated 2025-12-18 | Assigner VulnCheck




CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Product status

Default status
unaffected

1.3.0
affected

Credits

Abdulaziz Almetairy finder

References

www.exploit-db.com/exploits/51916 (ExploitDB-51916) exploit

www.cszcms.com/ (CSZCMS Homepage) product

sourceforge.net/.../files/install/CSZCMS-V1.3.0.zip/download (CSZCMS Download Page) product

www.vulncheck.com/...sql-injection-via-members-view-endpoint (VulnCheck Advisory: CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint) third-party-advisory

cve.org (CVE-2024-58307)

nvd.nist.gov (CVE-2024-58307)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.