Primary

Context

CSZCMS SQL Injection Vulnerability in Members View Endpoint

Vulnerability

An authenticated SQL injection vulnerability has been identified in CSZCMS version 1.3.0. This vulnerability exists within the members view functionality, allowing authenticated attackers to manipulate database queries. By injecting malicious SQL code through the view parameter, attackers could execute time-based blind SQL injection attacks and extract information from the database.

Impact

Exploitation of this vulnerability allows for authenticated SQL injection, with the potential to execute time-based blind SQL injection attacks and extract database information.

Reproduction

To reproduce this vulnerability, log into the admin portal and navigate to the 'Member Users' section. Click the 'View' button next to any username. Intercept the request and modify the view parameter to inject a SQL payload, such as 'or(sleep(10))', which exploits the time-based blind SQL injection vulnerability.

Added: Dec 11, 2025, 10:28 PM

Updated: Dec 11, 2025, 10:28 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.8

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

2.5

exploitability

6.8

remediation

0.0

relevance

1.5

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

CSZCMS SQL Injection Vulnerability in Members View Endpoint

Vulnerability

Impact

Reproduction

Affected Products

CSZ CMS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating