CVE-2019-13086

Name of the Vulnerable Software and Affected Versions CSZ CMS version 1.2.2

Description The issue allows for SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf csz parameter in the core/MY Security.php file.

Recommendations For CSZ CMS version 1.2.2, as a temporary workaround, consider restricting access to the member/login/check endpoint until a patch is available. Avoid using the csrf csz parameter omission in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.