CVE-2019-13086

Published June 30th, 2019

View on NVD ↗

CVSS v3

N/A

CVSS v2

7.5

HIGH

Affected

PROJECT

Description

core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.

cskaza/cszcms

Open Source CMS (Content Management System) with Codeigniter and Bootstrap.

GitHub