Vulnerabilities > Imagecms
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-03-11 | CVE-2012-6290 | SQL Injection vulnerability in Imagecms 4.0.0 SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. | 6.5 |
2014-03-11 | CVE-2013-7334 | Cross-Site Request Forgery (CSRF) vulnerability in Imagecms 4.0.0 Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the q parameter, related to CVE-2012-6290. | 6.8 |