CVE-2021-26830
Published
CVSS v3
9.1
CRITICAL
CVSS v2
6.4
MEDIUM
Affected
1
PROJECT
Description
SQL Injection in Tribalsystems Zenario CMS 8.8.52729 allows remote attackers to access the database or delete the plugin. This is accomplished via the `ID` input field of ajax.php in the `Pugin library - delete` module.
Zenario is a web-based content management system (CMS) for sites with one or many languages. It is simple to use, and can grow with your requirements.
GitHub