SQL Injection Vulnerability in CSZ CMS Plugin Management

CVE-2022-27165

What is CVE-2022-27165?

The CSZ CMS version 1.2.2 contains a SQL injection vulnerability that is exploited through the 'cszcms_admin_Plugin_manager_setstatus' function. This weakness allows attackers to manipulate database queries, potentially leading to unauthorized data access and alteration. Proper validation and sanitization of user inputs are essential to mitigate this risk.

References