CVE-2024-58307

HIGH

Cszcms Csz Cms - SQL Injection

Title source: rule

Description

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.

Exploits (1)

exploitdb WORKING POC
by Abdulaziz Almetairy · text · webapps · php
https://www.exploit-db.com/exploits/51916

Scores

CVSS v3 8.8
EPSS 0.0012
EPSS Percentile 31.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (2)
cszcms/csz_cms 1.3.0
cszcms/CSZCMS 1.3.0
Published Dec 11, 2025
Tracked Since Feb 18, 2026