CVE-2013-3727

Kasseler CMS < 2 - Authenticated SQL Injection via groups[] Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3727.

AI-analyzed exploit summary: The exploit demonstrates SQL injection (CVE-2013-3727), stored XSS (CVE-2013-3728), and CSRF (CVE-2013-3729) in Kasseler CMS. It includes functional PoC code for each vulnerability, including a CSRF-based SQLi exploit using DNS exfiltration.

Description

SQL injection vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to admin.php. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Exploits (1)

exploitdb · WORKING POC
webapps · php
https://www.exploit-db.com/exploits/26623

Classification
Working PoC: 100%
Attack Type: SQLi | XSS | CSRF
Complexity: Moderate
Reliability: Reliable
Target: Kasseler CMS 2 r1223 and prior
Auth required
Prerequisites: Authenticated admin session for direct SQLi/XSS · Victim interaction for CSRF
devstral-2 · analyzed Feb 19, 2026

References (7)

Core References (7)
Vendor Advisory (x_refsource_misc): https://www.htbridge.com/advisory/HTB23158
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/94779
Mailing List (mailing-list, x_refsource_bugtraq): http://seclists.org/bugtraq/2013/Jul/26
Various Sources (x_refsource_confirm): http://diff.kasseler-cms.net/svn.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/85407
Vendor Advisory (x_refsource_confirm): http://diff.kasseler-cms.net/svn/patches/1232.html

Scores

EPSS: 0.0291
EPSS Percentile: 85.2%

Details

CWE: CWE-89
Status: published
Products (1): kasseler-cms/kasseler-cms < 2
Published: Mar 13, 2014
Tracked Since: Feb 18, 2026