CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
49.3%
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.
Vendor | Product | Version | CPE |
---|---|---|---|
civicrm | civicrm | 4.4 | cpe:2.3:a:civicrm:civicrm:4.4:alpha3:*:*:*:*:*:* |
civicrm | civicrm | 4.4 | cpe:2.3:a:civicrm:civicrm:4.4:beta1:*:*:*:*:*:* |
civicrm | civicrm | 4.4 | cpe:2.3:a:civicrm:civicrm:4.4:beta2:*:*:*:*:*:* |
civicrm | civicrm | 4.4 | cpe:2.3:a:civicrm:civicrm:4.4:beta3:*:*:*:*:*:* |
civicrm | civicrm | 4.4.0 | cpe:2.3:a:civicrm:civicrm:4.4.0:alpha1:*:*:*:*:*:* |
civicrm | civicrm | 4.4.0 | cpe:2.3:a:civicrm:civicrm:4.4.0:alpha2:*:*:*:*:*:* |
civicrm | civicrm | * | cpe:2.3:a:civicrm:civicrm:*:*:*:*:*:*:*:* |
civicrm | civicrm | 4.2.0 | cpe:2.3:a:civicrm:civicrm:4.2.0:*:*:*:*:*:*:* |
civicrm | civicrm | 4.2.1 | cpe:2.3:a:civicrm:civicrm:4.2.1:*:*:*:*:*:*:* |
civicrm | civicrm | 4.2.2 | cpe:2.3:a:civicrm:civicrm:4.2.2:*:*:*:*:*:*:* |