Lucene search
K

8 matches found

Prion
Prion
added 2014/03/13 2:55 p.m.21 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the 1 groups parameter in a send action in the sendmail module or 2 query parameter in ...

6.8CVSS8.4AI score0.02939EPSS
Exploits6References6Affected Software1
CVE
CVE
added 2014/03/13 2:0 p.m.63 views

CVE-2013-3727

Kasseler CMS (before 2 r1232) exposes a SQL injection vulnerability (CVE-2013-3727) via the groups[] parameter to admin.php, allowing a remote authenticated user to execute arbitrary SQL commands; the advisory notes this can be leveraged through CSRF to permit remote unauthenticated SQL execution...

7.5CVSS8.1AI score0.02939EPSS
Exploits5References7Affected Software1
Cvelist
Cvelist
added 2014/03/13 2:0 p.m.37 views

CVE-2013-3729

Multiple cross-site request forgery CSRF vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the 1 groups parameter in a send action in the sendmail module or 2 query parameter in ...

7.9AI score0.01256EPSS
Exploits5References6
securityvulns
securityvulns
added 2013/07/15 12:0 a.m.98 views

Multiple Vulnerabilities in Kasseler CMS

Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

7.5CVSS0.3AI score0.02976EPSS
Exploits7
exploitpack
exploitpack
added 2013/07/05 12:0 a.m.68 views

Kasseler CMS 2 r1223 - Multiple Vulnerabilities

Kasseler CMS 2 r1223 - Multiple Vulnerabilities Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type...

7.5CVSS0.4AI score0.02976EPSS
Exploits7
Exploit DB
Exploit DB
added 2013/07/05 12:0 a.m.57 views

Kasseler CMS 2 r1223 - Multiple Vulnerabilities

Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

7.5CVSS7AI score0.02976EPSS
Exploits7
0day.today
0day.today
added 2013/07/03 12:0 a.m.74 views

Kasseler CMS 2 r1223 CSRF / XSS / SQL Injection Vulnerabilities

Kasseler CMS version 2 r1223 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities. Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public...

7.5CVSS7.6AI score0.02976EPSS
Exploits7
Packet Storm
Packet Storm
added 2013/07/03 12:0 a.m.62 views

Kasseler CMS 2 r1223 CSRF / XSS / SQL Injection

Advisory ID: HTB23158 Product: Kasseler CMS Vendor: Kasseler CMS Vulnerable Versions: 2 r1223 and probably prior Tested Version: 2 r1223 Vendor Notification: May 29, 2013 Vendor Patch: June 28, 2013 Public Disclosure: July 3, 2013 Vulnerability Type: SQL Injection CWE-89, Cross-Site Scripting...

7.5CVSS0.7AI score0.02976EPSS
Exploits7
Rows per page
Query Builder