CVE-2025-63608

MEDIUM

5.4

Descricao

A SQL injection vulnerability exists in CSZ-CMS <=1.3.0 in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries.

Detalhes CVE

Pontuacao CVSS v3.15.4

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado10/30/2025

Ultima modificacao12/22/2025

Fontenvd

Avistamentos honeypot0

Produtos afetados

cszcms:csz_cms

Fraquezas (CWE)

CWE-89

Referencias

https://github.com/Huu1j/CSZ_CMS-exploit/blob/main/csz-cms-vulnerability-analysis.md(cve@mitre.org)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.