CVE-2013-3050

ZAPms <1.41 - SQL Injection

Title source: llm
STIX 2.1

Description

SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product.

Exploits (1)

exploitdb WORKING POC VERIFIED
by NoGe · textwebappsphp
https://www.exploit-db.com/exploits/24942

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/92236
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/24942
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52946
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58960
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/83313
Various Sources x_refsource_misc
http://www.zapms.de/open_source_cms_en

Scores

EPSS 0.0421
EPSS Percentile 88.8%

Details

CWE
CWE-89
Status published
Products (3)
zapms/zapms 1.33
zapms/zapms 1.40
zapms/zapms < 1.41
Published Apr 12, 2013
Tracked Since Feb 18, 2026