CVE-2014-4194

Name of the Vulnerable Software and Affected Versions ZeroCMS version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the article id parameter in a Submit Comment action, specifically targeting the zero transact article.php file.

Recommendations For ZeroCMS version 1.0, consider restricting access to the vulnerable zero transact article.php file until a patch is available. As a temporary workaround, avoid using the article id parameter in the Submit Comment action to minimize the risk of exploitation.