Home

Description

A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries.

PUBLISHED Reserved 2025-10-27 | Published 2025-10-30 | Updated 2025-10-30 | Assigner mitre

References

github.com/...it/blob/main/csz-cms-vulnerability-analysis.md

cve.org (CVE-2025-63608)

nvd.nist.gov (CVE-2025-63608)

Download JSON