CVE-2020-36136 Information

Description

SQL Injection vulnerability in cskaza cszcms version 1.2.9 allows attackers to gain sensitive information via pm_sendmail parameter in csz_model.php.

Reference

https://github.com/cskaza/cszcms/issues/26