Unrated severityNVD Advisory· Published Mar 13, 2014· Updated May 6, 2026

CVE-2013-3729

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

diff.kasseler-cms.net/svn/patches/1232.htmlnvdPatchVendor Advisory
packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.htmlnvdExploit
seclists.org/bugtraq/2013/Jul/26nvdExploit
www.htbridge.com/advisory/HTB23158nvdExploit
diff.kasseler-cms.net/svn.htmlnvd
osvdb.org/94781nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000