PT-2023-11807 · Cskaza · Csz Cms

Cuhanboy

Publicado

2023-08-11

Atualizado

2023-08-15

CVE-2020-36136

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions cskaza cszcms version 1.2.9

Description The issue allows attackers to gain sensitive information via the pm sendmail parameter in csz model.php. This is a SQL Injection vulnerability, which can be exploited to obtain sensitive data.

Recommendations For cskaza cszcms version 1.2.9, consider disabling the pm sendmail parameter in csz model.php as a temporary workaround until a patch is available. Restrict access to the csz model.php file to minimize the risk of exploitation. Avoid using the pm sendmail parameter in the affected API endpoint until the issue is resolved.

Exploit

Correção

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89

Identificadores relacionados

CVE-2020-36136

Produtos afetados

Csz Cms

PT-2023-11807 · Cskaza · Csz Cms

CVE-2020-36136

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 5