CVE-2014-4034
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.1216 (12.2%)
Percentil: 93.9%
EPSS: 2026-05-06
Afecta
aas9:zerocmsDescripción técnica
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
Publicada: 11/6/2014, 14:55:09
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://packetstormsecurity.com/files/127005/ZeroCMS-1.0-SQL-Injection.html
- http://packetstormsecurity.com/files/130192/ZeroCMS-1.3.3-SQL-Injection.html
- http://seclists.org/fulldisclosure/2015/Feb/4
- http://seclists.org/oss-sec/2015/q1/379
- http://seclists.org/oss-sec/2015/q1/380
- http://secunia.com/advisories/59182
- http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-14.html
- http://sroesemann.blogspot.de/2015/01/sroeadv-2015-13.html