Unrated severity · NVD Advisory · Published Mar 13, 2014 · Updated Jun 16, 2026
CVE-2013-3727
Description
SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
Affected products
- cpe:2.3:a:kasseler-cms:kasseler-cms:*:r1223:*:*:*:*:*:* (range: <=2)
- (no CPE) (range: <2 r1232)
References
- packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html (nvd, Exploit)
- diff.kasseler-cms.net/svn/patches/1232.html (nvd, Vendor Advisory)
- diff.kasseler-cms.net/svn.html (nvd)
- osvdb.org/94779 (nvd)
- seclists.org/bugtraq/2013/Jul/26 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/85407 (nvd)
- www.htbridge.com/advisory/HTB23158 (nvd)