CNNVD-202510-4234 Information

CNNVD ID

CNNVD-202510-4234

Related CVE

CVE-2025-63608

• CNNVD Published: 2025-10-30

Description (Chinese)

CSZ-CMS是CSZ-CMS开源的一套基于PHP的开源内容管理系统（CMS）。 CSZ-CMS 1.3.0及之前版本存在安全漏洞，该漏洞源于表单查看功能中的field参数未经验证，可能导致SQL注入攻击。

Description (English)

CSZ-CMS is a PHP-based open-source content management system (CMS) for CSZ-CMS open sources. CSZ-CMS 1.3.0 and previous versions have a security loophole, which stems from unverified field parameters in the form viewing function, which could lead to an SQL injection attack.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

CSZ-CMS

Published

2025-10-30

Last Modified

2026-02-24

References

https://github.com/Huu1j/CSZ_CMS-exploit/blob/main/csz-cms-vulnerability-analysis.md https://access.redhat.com/security/cve/cve-2025-63608

Patch

https://github.com/cskaza/cszcms/releases