Vulnerabilities (CVE)

Filtered by vendor Imagecms Subscribe
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2013-7334 1 Imagecms 1 Imagecms 2024-11-21 6.8 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q parameter, related to CVE-2012-6290.
CVE-2012-6290 1 Imagecms 1 Imagecms 2024-11-21 6.5 MEDIUM N/A
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.