CVE-2024-58307

CRITICAL EPSS 35.2%
Published Dec 11, 20256mo ago · Modified Jun 17, 20261w ago
9.3 CVSS 4.0
Critical
Find Similar
Published Dec 11, 2025 6mo ago
Last Modified Jun 17, 2026 1w ago

Description

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.

CVSS Details

Base Score
9.3
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
35.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-89 SQL Injection Injection

Affected Products 1

VendorProductVersionRange
cszcmscsz_cms1.3.0any

References 4

  • sourceforge.net https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download
    Product
  • cszcms.com https://www.cszcms.com/
    Product
  • exploit-db.com https://www.exploit-db.com/exploits/51916
    ExploitThird Party AdvisoryVDB Entry
  • vulncheck.com https://www.vulncheck.com/advisories/cszcms-authenticated-sql-injection-via-members-view-endpoint
    Third Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.