CVE-2013-3729

Опубликовано: 13 мар. 2014

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.

Ссылки

http://diff.kasseler-cms.net/svn.html
http://diff.kasseler-cms.net/svn/patches/1232.html
Patch
Vendor Advisory
http://osvdb.org/94781
http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html
Exploit
http://seclists.org/bugtraq/2013/Jul/26
Exploit
https://www.htbridge.com/advisory/HTB23158
Exploit
http://diff.kasseler-cms.net/svn.html
http://diff.kasseler-cms.net/svn/patches/1232.html
Patch
Vendor Advisory
http://osvdb.org/94781
http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html
Exploit
http://seclists.org/bugtraq/2013/Jul/26
Exploit
https://www.htbridge.com/advisory/HTB23158
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:kasseler-cms:kasseler-cms:*:r1223:*:*:*:*:*:*

Версия до 2 (включая)

EPSS

Процентиль: 87%

0.03457

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-2x7x-45v7-xmvx

github

больше 3 лет назад