Yxyx

**Name of the Vulnerable Software and Affected Versions** CSZ CMS version 1.2.2 **Description** The issue allows for SQL injection by sending a crafted HTTP User-Agent header and omitting the `csrf csz` parameter in the `core/MY Security.php` file. **Recommendations** For CSZ CMS version 1.2.2, as a temporary workaround, consider restricting access to the `member/login/check` endpoint until a patch is available. Avoid using the `csrf csz` parameter omission in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.