CSRF Vulnerabilities in Kasseler CMS before 2 r1232 Allow SQL Injection Attacks (CVE-2013-3727)

CVE-2013-3729 · MEDIUM Severity

AV:N/AC:M/Au:N/C:P/I:P/A:P

Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.
