CVE-2015-1442
06.02.2015, 15:59
SQL injection vulnerability in views/zero_transact_user.php in the administrative backend in ZeroCMS 1.3.3, 1.3.2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a Modify Account action. NOTE: The article_id parameter to zero_view_article.php vector is already covered by CVE-2014-4034.
Vendor | Product | Version |
---|---|---|
aas9 | zerocms | 𝑥 ≤ 1.3.3 |
aas9 | zerocms | 1.3.2 |
𝑥 = Vulnerable software versions