CVE-2024-58307 - Vulnerability Details

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable yes

Technical Impact total

Vendors	Products
Cszcms	Cszcms

No data.

References

Link	Providers
https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download
https://www.cszcms.com/
https://www.exploit-db.com/exploits/51916
https://www.vulncheck.com/advisories/cszcms-authenticated-sql-injection-via-members-view-endpoint

History

Thu, 18 Dec 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 12 Dec 2025 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cszcms Cszcms cszcms
Vendors & Products		Cszcms Cszcms cszcms

Thu, 11 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.
Title		CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint
Weaknesses		CWE-89
References		https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download https://www.cszcms.com/ https://www.exploit-db.com/exploits/51916 https://www.vulncheck.com/advisories/cszcms-authenticated-sql-injection-via-members-view-endpoint
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-11T21:41:54.372Z

Updated: 2025-12-18T21:37:15.669Z

Reserved: 2025-12-11T11:49:20.718Z

Link: CVE-2024-58307

Vulnrichment

Updated: 2025-12-18T21:37:10.370Z

NVD

Status : Undergoing Analysis

Published: 2025-12-11T22:15:52.173

Modified: 2025-12-12T15:17:31.973

Link: CVE-2024-58307

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation poc

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object