CVE-2024-58307
CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.
| CWE | CWE-89 |
| Vendor | cszcms |
| Product | cszcms |
| Published | Dec 11, 2025 |
| Last Updated | Apr 7, 2026 |
Stay Ahead of the Next One
Get instant alerts for cszcms cszcms
Be the first to know when new unknown vulnerabilities affecting cszcms cszcms are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
cszcms / CSZCMS
1.3.0
References
exploit-db.com: https://www.exploit-db.com/exploits/51916 cszcms.com: https://www.cszcms.com/ sourceforge.net: https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download vulncheck.com: https://www.vulncheck.com/advisories/cszcms-authenticated-sql-injection-via-members-view-endpoint
Credits
Abdulaziz Almetairy