Lucene search
HistoryJan 29, 2014 - 6:55 p.m.
CVE-2013-4662
civicrm
quick search api
sql injection
contact.getquick
cve-2013-4662
nvd
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
46.6%
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the “second layer” of the API, related to contact.getquick.
Affected configurations
Node
civicrmcivicrmMatch4.2.0
ORcivicrmcivicrmMatch4.2.1
ORcivicrmcivicrmMatch4.2.2
ORcivicrmcivicrmMatch4.2.4
ORcivicrmcivicrmMatch4.2.5
ORcivicrmcivicrmMatch4.2.6
ORcivicrmcivicrmMatch4.2.7
ORcivicrmcivicrmMatch4.2.8
ORcivicrmcivicrmMatch4.2.9
ORcivicrmcivicrmMatch4.3.0
ORcivicrmcivicrmMatch4.3.1
ORcivicrmcivicrmMatch4.3.2
ORcivicrmcivicrmMatch4.3.3
Related
cvelist
cvelist
CVE-2013-4662
2014-01-29 18:00:00
nvd
nvd
CVE-2013-4662
2014-01-29 18:55:26
github
github
CiviCRM SQL injection vulnerability via Quick Search API
2022-05-17 04:52:06
debiancve
debiancve
CVE-2013-4662
2014-01-29 18:55:26
osv
osv
CiviCRM SQL injection vulnerability via Quick Search API
2022-05-17 04:52:06
prion
prion
Sql injection
2014-01-29 18:55:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.4 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
46.6%
Related for CVE-2013-4662