PT-2023-11807 · Cskaza · Csz Cms
Cuhanboy
·
Published
2023-08-11
·
Updated
2023-08-15
·
CVE-2020-36136
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
cskaza cszcms version 1.2.9
Description
The issue allows attackers to gain sensitive information via the
pm sendmail parameter in csz model.php. This is a SQL Injection vulnerability, which can be exploited to obtain sensitive data.Recommendations
For cskaza cszcms version 1.2.9, consider disabling the
pm sendmail parameter in csz model.php as a temporary workaround until a patch is available. Restrict access to the csz model.php file to minimize the risk of exploitation. Avoid using the pm sendmail parameter in the affected API endpoint until the issue is resolved.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Csz Cms