Lucene search

[email protected]CVE-2013-5957

HistoryNov 27, 2013 - 6:55 p.m.

CVE-2013-5957

2013-11-2718:55:04

CWE-89

[email protected]

web.nvd.nist.gov

cve-2013-5957

sql injection

civicrm

security vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.2%

JSON

Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.

Affected configurations

NVD

Node

civicrmcivicrmMatch4.4alpha3

civicrmcivicrmMatch4.4beta1

civicrmcivicrmMatch4.4beta2

civicrmcivicrmMatch4.4beta3

civicrmcivicrmMatch4.4.0alpha1

civicrmcivicrmMatch4.4.0alpha2

Node

civicrmcivicrmRange≤4.2.11

civicrmcivicrmMatch4.2.0

civicrmcivicrmMatch4.2.1

civicrmcivicrmMatch4.2.2

civicrmcivicrmMatch4.2.4

civicrmcivicrmMatch4.2.5

civicrmcivicrmMatch4.2.6

civicrmcivicrmMatch4.2.7

civicrmcivicrmMatch4.2.8

civicrmcivicrmMatch4.2.9

civicrmcivicrmMatch4.2.10

Node

civicrmcivicrmMatch4.3.0

civicrmcivicrmMatch4.3.1

civicrmcivicrmMatch4.3.2

civicrmcivicrmMatch4.3.3

civicrmcivicrmMatch4.3.4

civicrmcivicrmMatch4.3.5

civicrmcivicrmMatch4.3.6

CPENameOperatorVersion
civicrm:civicrmcivicrmeq4.4
civicrm:civicrmcivicrmeq4.4.0

CPE	Name	Operator	Version
civicrm:civicrm	civicrm	eq	4.4
civicrm:civicrm	civicrm	eq	4.4.0

References

civicrm.org/advisory/civi-sa-2013-009-sql-injection-vulnerability

github.com/civicrm/civicrm-core/pull/1708.diff

www.navixia.com/blog/entry/navixia-finds-critical-vulnerability-in-civicrm-cve-2013-5957.html

www.navixia.com/company/navixia-news/395-navixia-finds-critical-vulnerability-in-civicrm.html

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.2%

JSON

Related for CVE-2013-5957

prion1 openvas3 cvelist1 nvd1 debiancve1