
CVE-2008-4356

Published: 30/09/2008 Updated: 29/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote malicious users to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to the Account module; or (6) the module parameter to index.php, probably related to the TopSites module.

Vulnerable Product

kasseler-cms kasseler cms 1.1.0

kasseler-cms kasseler cms 1.2.0

Exploits

Kasseler CMS 1.1.0, 1.2.0 Lite SQL Injection

Author: ~!Dok_tOR!~
Date found: 130908
Product: Kasseler CMS
Version: 110, 124
URL: www.kasseler-cms.net
Vulnerability Class: SQL Injection

localhost/[installdir]/index.php?module=News&do=View&nid=1'+and+1=2+union+select+1,2,concat_ws(0x3a,user_name,user_password,user_email),4,user ...