cszcms CVE Vulnerabilities & Metrics

Focus on cszcms vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About cszcms Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with cszcms. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total cszcms CVEs: 22
Earliest CVE date: 07 Feb 2019, 07:29 UTC
Latest CVE date: 16 Feb 2024, 02:15 UTC

Latest CVE reference: CVE-2024-25414

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical cszcms CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.37

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	10
4.0-6.9	4
7.0-8.9	8
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS cszcms CVEs

These are the five CVEs with the highest CVSS scores for cszcms, sorted by severity first and recency.

CVE-2022-27165 cszcms Published on 12 Apr 2022, 16:15 UTC (CVSS: 7.5)
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus
CVE-2022-27164 cszcms Published on 12 Apr 2022, 16:15 UTC (CVSS: 7.5)
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers
CVE-2022-27163 cszcms Published on 12 Apr 2022, 16:15 UTC (CVSS: 7.5)
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser
CVE-2022-27162 cszcms Published on 12 Apr 2022, 16:15 UTC (CVSS: 7.5)
CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser
CVE-2022-27161 cszcms Published on 12 Apr 2022, 16:15 UTC (CVSS: 7.5)
Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers

All CVEs for cszcms

CVE-2024-25414 cszcms vulnerability CVSS: 0 16 Feb 2024, 02:15 UTC

An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.

CVE-2023-41601 cszcms vulnerability CVSS: 0 06 Sep 2023, 20:15 UTC

Multiple cross-site scripting (XSS) vulnerabilities in install/index.php of CSZ CMS v1.3.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Database Username or Database Host parameters.

CVE-2023-39599 cszcms vulnerability CVSS: 0 22 Aug 2023, 19:16 UTC

Cross-Site Scripting (XSS) vulnerability in CSZ CMS v.1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Social Settings parameter.

CVE-2023-38911 cszcms vulnerability CVSS: 0 18 Aug 2023, 19:15 UTC

A Cross-Site Scripting (XSS) vulnerability in CSZ CMS 1.3.0 allows attackers to execute arbitrary code via a crafted payload to the Gallery parameter in the YouTube URL fields.

CVE-2023-38910 cszcms vulnerability CVSS: 0 18 Aug 2023, 19:15 UTC

CSZ CMS 1.3.0 is vulnerable to cross-site scripting (XSS), which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin.

CVE-2020-19786 cszcms vulnerability CVSS: 0 23 Mar 2023, 20:15 UTC

File upload vulnerability in CSKaza CSZ CMS v.1.2.2 fixed in v1.2.4 allows attacker to execute aritrary commands and code via crafted PHP file.

CVE-2022-28997 cszcms vulnerability CVSS: 5.0 23 May 2022, 14:16 UTC

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.

CVE-2022-27165 cszcms vulnerability CVSS: 7.5 12 Apr 2022, 16:15 UTC

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Plugin_manager_setstatus

CVE-2022-27164 cszcms vulnerability CVSS: 7.5 12 Apr 2022, 16:15 UTC

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_viewUsers

CVE-2022-27163 cszcms vulnerability CVSS: 7.5 12 Apr 2022, 16:15 UTC

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Users_editUser

CVE-2022-27162 cszcms vulnerability CVSS: 7.5 12 Apr 2022, 16:15 UTC

CSZ CMS 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_editUser

CVE-2022-27161 cszcms vulnerability CVSS: 7.5 12 Apr 2022, 16:15 UTC

Csz Cms 1.2.2 is vulnerable to SQL Injection via cszcms_admin_Members_viewUsers

CVE-2021-43701 cszcms vulnerability CVSS: 4.0 29 Mar 2022, 16:15 UTC

CSZ CMS 1.2.9 has a Time and Boolean-based Blind SQL Injection vulnerability in the endpoint /admin/export/getcsv/article_db, via the fieldS[] and orderby parameters.

CVE-2020-21250 cszcms vulnerability CVSS: 7.5 27 Oct 2021, 20:15 UTC

CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vulnerability in the component /core/MY_Security.php.

CVE-2021-37144 cszcms vulnerability CVSS: 6.4 30 Jul 2021, 14:15 UTC

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink() function is called and user input might affect portions of or the whole affected parameter, which represents the path of the file to remove, without sufficient sanitization.

CVE-2020-25392 cszcms vulnerability CVSS: 3.5 09 Jul 2021, 22:15 UTC

A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Article' field under the 'Article' plugin.

CVE-2020-25391 cszcms vulnerability CVSS: 3.5 09 Jul 2021, 22:15 UTC

A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'New Pages' field under the 'Pages Content' module.

CVE-2021-26776 cszcms vulnerability CVSS: 3.5 11 Mar 2021, 17:15 UTC

CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.

CVE-2021-3224 cszcms vulnerability CVSS: 3.5 10 Mar 2021, 14:15 UTC

A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.

CVE-2019-15524 cszcms vulnerability CVSS: 7.5 26 Aug 2019, 13:15 UTC

CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a .php file to admin/filemanager in the File Management Module, which leads to remote code execution by visiting a photo/upload/2019/ URI.

CVE-2019-13086 cszcms vulnerability CVSS: 7.5 30 Jun 2019, 17:15 UTC

core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.

CVE-2019-7566 cszcms vulnerability CVSS: 6.8 07 Feb 2019, 07:29 UTC

CSZ CMS 1.1.8 has CSRF via admin/users/new/add.