An attacker can inject arbitrary SQL queries that can lead to information disclosure and/or creation of new user accounts. This vulnerability can be exploited by an unauthenticated user via an HTTP request. TZCMS 2022 was discovered to have an XSS vulnerability via the component /admin/sendmailto.php?tomail=&groupid=&msg=&lid=.

An attacker can inject arbitrary HTML code into a user’s notification email, which can lead to information disclosure and/or creation of new user accounts. This vulnerability can be exploited by an unauthenticated user via an HTTP request. TZCMS 2022 was discovered to have a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=&msg=&lid=&_query=.

An attacker can inject arbitrary SQL queries that can lead to information disclosure and/or creation of new user accounts. TZCMS 2022 was discovered to have an XSS vulnerability via the component /admin/sendmailto.php?tomail=&groupid=&msg=&lid=&_v='. An attacker can inject arbitrary HTML code into a user’s notification email, which can lead to information disclosure and/or creation of new user accounts. TZCMS 2022 was discovered to have a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&

TZCMS Vulnerable To SQL Injection

TZCMS 2022 was discovered to have a SQL injection vulnerability via the component /admin/sendmailto.php?tomail=&groupid=&msg=&lid=&_v='.

Timeline

Published on: 09/22/2022 14:15:00 UTC
Last modified on: 09/23/2022 18:50:00 UTC
