CVE-2013-3727

Name of the Vulnerable Software and Affected Versions Kasseler CMS versions prior to 2 r1232

Description The issue allows remote authenticated users to execute arbitrary SQL commands via the groups[] parameter to "admin.php". This can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.

Recommendations For versions prior to 2 r1232, update to version 2 r1232 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin.php" endpoint and the groups[] parameter to minimize the risk of exploitation.