CVE-2024-58307 - Vulnerability Details

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Cszcms	Cszcms

No data.

References

Link	Providers
https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download
https://www.cszcms.com/
https://www.exploit-db.com/exploits/51916
https://www.vulncheck.com/advisories/cszcms-authenticated-sql-injection-via-members-view-endpoint

History

Fri, 12 Dec 2025 09:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Cszcms Cszcms cszcms
Vendors & Products		Cszcms Cszcms cszcms

Thu, 11 Dec 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.
Title		CSZCMS 1.3.0 Authenticated SQL Injection via Members View Endpoint
Weaknesses		CWE-89
References		https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download https://www.cszcms.com/ https://www.exploit-db.com/exploits/51916 https://www.vulncheck.com/advisories/cszcms-authenticated-sql-injection-via-members-view-endpoint
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-12-11T21:41:54.372Z

Updated: 2025-12-11T21:41:54.372Z

Reserved: 2025-12-11T11:49:20.718Z

Link: CVE-2024-58307

Vulnrichment

No data.

NVD

Status : Undergoing Analysis

Published: 2025-12-11T22:15:52.173

Modified: 2025-12-12T15:17:31.973

Link: CVE-2024-58307

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object