A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL.
References
Link | Resource |
---|---|
https://gist.github.com/komomon/24d3ea391af6f067c044fa47cb6c20d8 | Third Party Advisory |
https://www.cszcms.com/ | Product |
Configurations
History
11 Aug 2023, 16:51
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.cszcms.com/ - Product | |
References | (MISC) https://gist.github.com/komomon/24d3ea391af6f067c044fa47cb6c20d8 - Third Party Advisory | |
CWE | CWE-89 | |
CPE | cpe:2.3:a:cskaza:cszcms:1.3.0:*:*:*:*:*:*:* | |
First Time |
Cskaza
Cskaza cszcms |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
09 Aug 2023, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-08-09 14:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-34545
Mitre link : CVE-2023-34545
CVE.ORG link : CVE-2023-34545
JSON object : View
Products Affected
cskaza
- cszcms
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')