Every CVE whose affected-product data names Cskaza Cszcms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2021-46377 — CVSS 9.8 (critical): There is a front-end sql injection vulnerability in cszcms 1.2.9 via cszcms/controllers/Member.php#viewUser
CVE-2023-34545 — CVSS 9.8 (critical): A SQL injection vulnerability in CSZCMS 1.3.0 allows remote attackers to run arbitrary SQL commands via p parameter or the search URL.
CVE-2020-36136 — CVSS 7.5 (high): SQL Injection vulnerability in cskaza cszcms version 1.2.9, allows attackers to gain sensitive information via pm_sendmail parameter in…
CVE-2023-41436 — CVSS 5.4 (medium): Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the…
CVE-2023-6302 — CVSS 4.7 (medium): A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file…
CVE-2023-6303 — CVSS 2.4 (low): A vulnerability was found in CSZCMS 1.3.0. It has been classified as problematic. This affects an unknown part of the file /admin/settings/…