exploitDog

CVE-2024-58307

Опубликовано: 11 дек. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.

Ссылки

https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download
Product
https://www.cszcms.com/
Product
https://www.exploit-db.com/exploits/51916
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/cszcms-authenticated-sql-injection-via-members-view-endpoint
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 24%

0.00082

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-hgp5-7jww-4753

CVSS3: 8.8

github

около 2 месяцев назад

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.

EPSS

Процентиль: 24%

0.00082

Низкий

8.8 High

CVSS3

Дефекты

CWE-89