SQL Injection Vulnerability in ImageCMS 4.2: Remote Code Execution via admin_search/

CVE-2012-6290 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Learn more about our Cms Pen Testing.