PT-2025-39186 · Csz Cms · Csz Cms
Published
2025-09-23
·
Updated
2025-09-23
·
CVE-2025-29083
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
CSZ-CMS version 1.3.0
Description
A SQL Injection issue exists in CSZ-CMS version 1.3.0. This allows a remote attacker to execute arbitrary code through the
execSqlFile function located in the Plugin Manager.php file. The vulnerability is triggered by manipulating SQL queries.Recommendations
Update CSZ-CMS to a newer version that addresses this issue.
As a temporary workaround, restrict access to the
Plugin Manager.php file.
Avoid using the execSqlFile function until the issue is resolved.Exploit
Fix
Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Csz Cms