CVE-2021-27672
packagist/tribalsystems/zenario
SQL Injection
SQL Injection in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS allows remote attackers to obtain sensitive database information by injecting SQL commands into the "cID" parameter when creating a new HTML component.
Version 8.8.52729
Upgrade to version 8.8.53370 or above.
2021-04-23
source |