What is CVE-2019-13086?

CVE-2019-13086 is a vulnerability in N/a. Published 2019-06-30.

Is CVE-2019-13086 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-13086

core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.

EPSS: 0.508 (97.9th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

lingchuL/CVE_POC_test
0xT11/CVE-POC
SexyBeast233/SecBooks
developer3000S/PoC-in-GitHub
hectorgie/PoC-in-GitHub
lingchuL/CVE_
superlink996/chunqiuyunjingbachang

References

github.com/cskaza/cszcms/issues/19 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-13086?: CVE-2019-13086 is a vulnerability in N/a. Published 2019-06-30.
Is CVE-2019-13086 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.