PT-2025-50759 · Csz Cms · Csz Cms

Abdulaziz Almetairy · Published 2025-12-11 · Updated 2025-12-12 · CVE-2024-58307

CVSS v4.0: 9.3 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions
CSZCMS version 1.3.0

Description
The software contains an authenticated SQL injection issue in the members view functionality. Authenticated attackers can manipulate database queries by injecting malicious SQL code through the view parameter. This allows for time-based blind SQL injection attacks, potentially leading to the extraction of database information. The affected API endpoint is the members view endpoint.

Recommendations
Apply a fix for CSZCMS version 1.3.0 to address the SQL injection issue. As a temporary workaround, restrict access to the members view functionality to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-58307

Affected Products

Csz Cms