Cszcms Csz_cms
29 CVEs affecting Cszcms Csz_cms. Latest disclosed: 2025-12-23. Critical: 10, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-25414 | Critical | 9.8 | 2024-02-16 | An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file. |
| CVE-2022-27165 | Critical | 9.8 | 2022-04-12 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus |
| CVE-2022-27164 | Critical | 9.8 | 2022-04-12 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers |
| CVE-2022-27163 | Critical | 9.8 | 2022-04-12 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser |
| CVE-2022-27162 | Critical | 9.8 | 2022-04-12 | CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser |
| CVE-2022-27161 | Critical | 9.8 | 2022-04-12 | Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers |
| CVE-2020-21250 | Critical | 9.8 | 2021-10-27 | CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php. |
| CVE-2019-15524 | Critical | 9.8 | 2019-08-26 | CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execu… |
| CVE-2019-13086 | Critical | 9.8 | 2019-06-30 | core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_… |
| CVE-2021-37144 | Critical | 9.1 | 2021-07-30 | CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the… |
| CVE-2024-58307 | High | 8.8 | 2025-12-11 | CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database… |
| CVE-2020-19786 | High | 8.8 | 2023-03-23 | File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute arbitrary commands and code via crafted PHP file. |
| CVE-2019-7566 | High | 8.8 | 2019-02-07 | CSZ CMS 1.1.8 has CSRF via admin/users/new/add. |
| CVE-2025-29084 | Medium | 6.5 | 2025-09-23 | SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Upgrade.php file. |
| CVE-2025-29083 | Medium | 6.5 | 2025-09-23 | SQL Injection vulnerability in CSZ-CMS v.1.3.0 allows a remote attacker to execute arbitrary code via the execSqlFile function in the Plugin_Manager.php file. |
| CVE-2021-43701 | Medium | 6.5 | 2022-03-29 | CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby para… |
| CVE-2024-27734 | Medium | 6.1 | 2024-03-01 | A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site S… |
| CVE-2023-41601 | Medium | 6.1 | 2023-09-06 | Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a craft… |
| CVE-2023-38910 | Medium | 6.1 | 2023-08-18 | CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the… |
| CVE-2021-47738 | Medium | 5.4 | 2025-12-23 | CSZ CMS 1.2.7 contains a persistent cross-site scripting vulnerability that allows unauthorized users to embed malicious JavaScript in private messages. Attack… |