RSS   Vulnerabilities for 'Imagecms'   RSS

2014-03-11
 
CVE-2012-6290

CWE-89
 

 
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

 
 
CVE-2013-7334

CWE-352
 

 
Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q parameter, related to CVE-2012-6290.

 


Copyright 2024, cxsecurity.com

 

Back to Top