The key vulnerability information extracted from this web page screenshot is as follows:

Advisory Summary
Advisory ID: HTB23158
Product: Kasseler CMS
Vendor: Kasseler CMS
Vulnerable Version(s): 2 r1223 and probably prior
Tested Version: 2 r1223
Vendor Notification: May 29, 2013
Vendor Patch: June 28, 2013
Public Disclosure: July 3, 2013

Vulnerability Details

1. SQL Injection
CVE ID: CVE-2013-3727
Description: Insufficient validation of the "groups" HTTP POST parameter in the /admin.php script.
Risk: A remote authenticated administrator can execute SQL commands.
Exploit Potential: Can be exploited remotely through a CSRF vector.

2. Cross-Site Scripting (XSS)
CVE ID: CVE-2013-3728
Description: Insufficient filtering of the "cat" HTTP POST parameter in the /admin.php script.
Risk: A remote attacker with category-creation privileges can inject HTML/script code.

3. Cross-Site Request Forgery (CSRF)
CVE ID: CVE-2013-3729
Description: Absence of CSRF protection mechanisms.
Risk: A remote attacker can trick a logged-in administrator into executing SQL queries.

Solution
Upgrade to Kasseler CMS 2 r1232.

Additional Information
References: Available in the advisory and on the official Kasseler CMS website.