cskaza/cszcms

GitHub

github.com

www.cszcms.com

Releases18

Frequency6 months 3 weeks

Last Release 8 months ago

Stars49

Open Source CMS (Content Management System) with Codeigniter and Bootstrap.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-36136 ↗	Aug 11, 2023Friday, 11 August 2023, 14:15	7.5 HIGH	—
SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php.
CVE-2020-19786 ↗	Mar 23, 2023Thursday, 23 March 2023, 20:15	8.8 HIGH	—
File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file.
CVE-2022-27165 ↗	Apr 12, 2022Tuesday, 12 April 2022, 16:15	9.8 CRITICAL	7.5 HIGH
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus
CVE-2022-27164 ↗	Apr 12, 2022Tuesday, 12 April 2022, 16:15	9.8 CRITICAL	7.5 HIGH
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers
CVE-2022-27163 ↗	Apr 12, 2022Tuesday, 12 April 2022, 16:15	9.8 CRITICAL	7.5 HIGH
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
CVE-2022-27162 ↗	Apr 12, 2022Tuesday, 12 April 2022, 16:15	9.8 CRITICAL	7.5 HIGH
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
CVE-2022-27161 ↗	Apr 12, 2022Tuesday, 12 April 2022, 16:15	9.8 CRITICAL	7.5 HIGH
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers
CVE-2021-43701 ↗	Mar 29, 2022Tuesday, 29 March 2022, 16:15	6.5 MEDIUM	4 MEDIUM
CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.
CVE-2021-46377 ↗	Jan 27, 2022Thursday, 27 January 2022, 18:15	9.8 CRITICAL	7.5 HIGH
There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser
CVE-2020-21250 ↗	Oct 27, 2021Wednesday, 27 October 2021, 20:15	9.8 CRITICAL	7.5 HIGH
CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.
CVE-2021-37144 ↗	Jul 30, 2021Friday, 30 July 2021, 14:15	9.1 CRITICAL	6.4 MEDIUM
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.
CVE-2021-26776 ↗	Mar 11, 2021Thursday, 11 March 2021, 17:15	5.4 MEDIUM	3.5 LOW
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.
CVE-2021-3224 ↗	Mar 10, 2021Wednesday, 10 March 2021, 14:15	5.4 MEDIUM	3.5 LOW
A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.
CVE-2019-13086 ↗	Jun 30, 2019Sunday, 30 June 2019, 17:15	—	7.5 HIGH
core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.
CVE-2019-7566 ↗	Feb 7, 2019Thursday, 7 February 2019, 07:29	—	6.8 MEDIUM
CSZ CMS 1.1.8 has CSRF via admin/users/new/add.