exploitDog

CVE-2025-63608

Опубликовано: 30 окт. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries.

Ссылки

https://github.com/Huu1j/CSZ_CMS-exploit/blob/main/csz-cms-vulnerability-analysis.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cszcms:csz_cms:*:*:*:*:*:*:*:*

Версия до 1.3.0 (включая)

EPSS

Процентиль: 10%

0.00034

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-2326-jr9x-m329

CVSS3: 6.5

github

3 месяца назад

A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries.

EPSS

Процентиль: 10%

0.00034

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-89