Unrated severity · NVD Advisory · Published Mar 11, 2014 · Updated Jun 16, 2026
CVE-2012-6290
Description
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
References
- archives.neohapsis.com/archives/bugtraq/2013-01/0105.html (nvd, Exploit)
- packetstormsecurity.com/files/119806/ImageCMS-4.0.0b-SQL-Injection.html (nvd, Exploit)
- www.htbridge.com/advisory/HTB23132 (nvd, Exploit)
- secunia.com/advisories/51913 (nvd, Vendor Advisory)
- forum.imagecms.net/viewtopic.php (nvd)
- osvdb.org/89513 (nvd)
- www.securityfocus.com/bid/57545 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/81470 (nvd)