NVD

Id
47100  
Name
CVE-2012-6290  
Description
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-03-11  
Modified Date
2014-03-11  
Seq
2012-6290  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
235862 47100 CVE-2012-6290 20130123 SQL Injection Vulnerability in ImageCMS  View
235863 47100 CVE-2012-6290 http://forum.imagecms.net/viewtopic.php?id=1436  View
235864 47100 CVE-2012-6290 http://packetstormsecurity.com/files/119806/ImageCMS-4.0.0b-SQL-Injection.html  View
235865 47100 CVE-2012-6290 57545  View
235866 47100 CVE-2012-6290 imagecms-adminsearch-sql-injection(81470)  View
235867 47100 CVE-2012-6290 https://www.htbridge.com/advisory/HTB23132  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
30450 JVNDB-2012-006158 ImageCMS における SQL インジェクションの脆弱性 ImageCMS には、SQL インジェクションの脆弱性が存在します。 CVE-2012-6290 59528 CVE-2012-6290 47100 6.5 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-006158.html 2012-12-05 2014-03-12 View