SQL Injection Vulnerability in CSZ CMS 1.2.2: Bypassing CSRF Protection in member/login/check Endpoint

SQL Injection Vulnerability in CSZ CMS 1.2.2: Bypassing CSRF Protection in member/login/check Endpoint

CVE-2019-13086 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

core/MY_Security.php in CSZ CMS 1.2.2 before 2019-06-20 has member/login/check SQL injection by sending a crafted HTTP User-Agent header and omitting the csrf_csz parameter.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.