SQL Injection Vulnerability in ImageCMS 4.2: Remote Code Execution via admin_search/
CVE-2012-6290 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Learn more about our Cms Pen Testing.