Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-03-13T14:00:00
Updated: 2024-08-06T16:22:00.179Z
Reserved: 2013-05-30T00:00:00
Link: CVE-2013-3729
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2014-03-13T14:55:05.127
Modified: 2014-03-13T17:42:49.307
Link: CVE-2013-3729
Redhat
No data.