CNNVD-202512-2049 Information

CNNVD ID

CNNVD-202512-2049

Related CVE

CVE-2024-58307

• CNNVD Published: 2025-12-11

Description (Chinese)

CSZCMS是Cskaza Bassist个人开发者的一个开源网络应用程序，允许管理网站上的所有内容和设置。 CSZCMS 1.3.0版本存在SQL注入漏洞，该漏洞源于成员视图功能存在SQL注入，可能导致提取数据库信息。

Description (English)

CSZCMS is an open-source web application for Cskaza Bassist personal developers that allows for the management of all content and settings on the website. Version 1.3.0 of CSZCMS has an SQL injection loophole, which stems from the SQL injection of the member view function and may lead to the extraction of database information.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

个人开发者

Published

2025-12-11

Last Modified

2026-02-24

References

https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download https://www.cszcms.com/ https://www.exploit-db.com/exploits/51916 https://www.vulncheck.com/advisories/cszcms-authenticated-sql-injection-via-members-view-endpoint