Zero CMS Arbitrary File Upload Vulnerability and Multiple SQL-Injection Vulnerabilities

Zero CMS Arbitrary File Upload Vulnerability and Multiple SQL-Injection Vulnerabilities

Zero CMS is prone to an arbitrary file-upload vulnerability and multiple SQL-injection vulnerabilities because the applications fails to sufficiently sanitize user-supplied input.

An attacker can exploit these issues to upload and execute arbitrary code within the context of the webserver process, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Zero CMS 1.0 Alpha is vulnerable; other versions may also be affected.