Description
ServerZilla 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to reset.php with malicious email values containing SQL operators to bypass authentication and extract sensitive database information.
References
Exploit, Third Party Advisory: https://www.exploit-db.com/exploits/45817
Third Party Advisory: https://www.vulncheck.com/advisories/serverzilla-sql-injection-via-email-parameter
Scores
CVSS v3: 8.2
EPSS: 0.0031
EPSS Percentile: 53.7%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-89
Status: published
Published: Mar 06, 2026
Tracked Since: Mar 06, 2026