Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-4662HistoryJan 29, 2014 - 6:55 p.m.
CVE-2013-4662
2014-01-2918:55:26
Debian Security Bug Tracker
security-tracker.debian.org
8
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.001
Percentile
46.5%
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the “second layer” of the API, related to contact.getquick.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | civicrm | < 5.33.2+dfsg1-1 | civicrm_5.33.2+dfsg1-1_all.deb |
| Debian | 999 | all | civicrm | < 5.68.1+dfsg1-1 | civicrm_5.68.1+dfsg1-1_all.deb |
Related
cve
cve
CVE-2013-4662
2014-01-29 18:55:26
cvelist
cvelist
CVE-2013-4662
2014-01-29 18:00:00
github
github
CiviCRM SQL injection vulnerability via Quick Search API
2022-05-17 04:52:06
nvd
nvd
CVE-2013-4662
2014-01-29 18:55:26
prion
prion
Sql injection
2014-01-29 18:55:00
osv
osv
CiviCRM SQL injection vulnerability via Quick Search API
2022-05-17 04:52:06
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
EPSS
0.001
Percentile
46.5%
Related for DEBIANCVE:CVE-2013-4662