Lucene search

[email protected]CVE-2013-3524

HistoryMay 10, 2013 - 9:55 p.m.

CVE-2013-3524

2013-05-1021:55:02

CWE-89

[email protected]

web.nvd.nist.gov

cve-2013-3524

sql injection

pop up news module

phpvms

remote code execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

JSON

SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.

Affected configurations

NVD

Node

simpilotgrouppop_up_newsMatch2.0

CPENameOperatorVersion
simpilotgroup:pop_up_newssimpilotgroup pop up newseq2.0

CPE	Name	Operator	Version
simpilotgroup:pop_up_news	simpilotgroup pop up news	eq	2.0

References

secunia.com/advisories/53033

www.exploit-db.com/exploits/24960

www.osvdb.org/92328

www.securityfocus.com/bid/59057

exchange.xforce.ibmcloud.com/vulnerabilities/83423

github.com/DavidJClark/phpVMS-PopUpNews/commit/5cadf9cbf4d0872a879666ea594be356fad5897e

github.com/DavidJClark/phpVMS-PopUpNews/commit/efaffa04ef87db1722d69ac7bfc07be71ce2dccf

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.006 Low

EPSS

Percentile

77.9%

JSON

Related for CVE-2013-3524

nvd1 cvelist1 prion1