Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2013-3213
HistoryApr 02, 2014 - 4:05 p.m.

CVE-2013-3213

2014-04-0216:05:49
CWE-89
[email protected]
web.nvd.nist.gov
29
cve
2013
3213
sql injection
vtiger crm
security vulnerability
nvd
remote execution
arbitrary commands
soap protocol

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.6 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

JSON

Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.

Affected configurations

NVD
Node
vtigervtiger_crmMatch5.0.0
OR
vtigervtiger_crmMatch5.0.1
OR
vtigervtiger_crmMatch5.0.2
OR
vtigervtiger_crmMatch5.0.3
OR
vtigervtiger_crmMatch5.0.4
OR
vtigervtiger_crmMatch5.0.4rc
OR
vtigervtiger_crmMatch5.1.0
OR
vtigervtiger_crmMatch5.1.0rc
OR
vtigervtiger_crmMatch5.2.0
OR
vtigervtiger_crmMatch5.2.1
OR
vtigervtiger_crmMatch5.3.0
OR
vtigervtiger_crmMatch5.4.0

Related

openvas 1
nvd 1
dsquare 2
securityvulns 2
prion 1
cvelist 1
seebug 1
exploitpack 1
zdt 1
exploitdb 1
openvas
openvas
Vtiger CRM Multiple SQLi Vulnerabilities (Apr 2014)
2014-04-17 00:00:00
nvd
nvd
CVE-2013-3213
2014-04-02 16:05:49
dsquare
dsquare
vtiger CRM 5.4.0 get_picklists SQLi
2014-03-10 00:00:00
vtiger CRM 5.4.0 get_tickets_list SQLi
2014-03-10 00:00:00
securityvulns
securityvulns
[KIS-2013-06] vtiger CRM <= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities
2013-09-09 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-09-09 00:00:00
prion
prion
Sql injection
2014-04-02 16:05:00
cvelist
cvelist
CVE-2013-3213
2014-04-02 14:00:00
seebug
seebug
vtiger CRM <= 5.4.0 (SOAP Services) - Multiple Vulnerabilities
2014-07-01 00:00:00
exploitpack
exploitpack
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities
2013-08-02 00:00:00
zdt
zdt
vtiger CRM <= 5.4.0 (SOAP Services) - Multiple Vulnerabilities
2013-08-03 00:00:00
exploitdb
exploitdb
vTiger CRM 5.4.0 SOAP - Multiple Vulnerabilities
2013-08-02 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.6 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.6%

JSON
Related for CVE-2013-3213
openvas1nvd1dsquare2securityvulns2prion1cvelist1seebug1exploitpack1zdt1exploitdb1