cve/CVE-2012-6290.md at 4024663e83c70ac127726b49919178f8121c5338

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 09:12:08 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

POC

Reference

http://packetstormsecurity.com/files/119806/ImageCMS-4.0.0b-SQL-Injection.html

Github

No PoCs found on GitHub currently.

787 B Raw Blame History

CVE-2012-6290

Description

POC

Reference

Github

787 B

Raw Blame History