Lucene search

[email protected]NVD:CVE-2013-5957

HistoryNov 27, 2013 - 6:55 p.m.

CVE-2013-5957

2013-11-2718:55:04

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

49.3%

JSON

Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.

Affected configurations

Nvd

Node

civicrmcivicrmMatch4.4alpha3

civicrmcivicrmMatch4.4beta1

civicrmcivicrmMatch4.4beta2

civicrmcivicrmMatch4.4beta3

civicrmcivicrmMatch4.4.0alpha1

civicrmcivicrmMatch4.4.0alpha2

Node

civicrmcivicrmRange≤4.2.11

civicrmcivicrmMatch4.2.0

civicrmcivicrmMatch4.2.1

civicrmcivicrmMatch4.2.2

civicrmcivicrmMatch4.2.4

civicrmcivicrmMatch4.2.5

civicrmcivicrmMatch4.2.6

civicrmcivicrmMatch4.2.7

civicrmcivicrmMatch4.2.8

civicrmcivicrmMatch4.2.9

civicrmcivicrmMatch4.2.10

Node

civicrmcivicrmMatch4.3.0

civicrmcivicrmMatch4.3.1

civicrmcivicrmMatch4.3.2

civicrmcivicrmMatch4.3.3

civicrmcivicrmMatch4.3.4

civicrmcivicrmMatch4.3.5

civicrmcivicrmMatch4.3.6

VendorProductVersionCPE
civicrmcivicrm4.4cpe:2.3:a:civicrm:civicrm:4.4:alpha3:*:*:*:*:*:*
civicrmcivicrm4.4cpe:2.3:a:civicrm:civicrm:4.4:beta1:*:*:*:*:*:*
civicrmcivicrm4.4cpe:2.3:a:civicrm:civicrm:4.4:beta2:*:*:*:*:*:*
civicrmcivicrm4.4cpe:2.3:a:civicrm:civicrm:4.4:beta3:*:*:*:*:*:*
civicrmcivicrm4.4.0cpe:2.3:a:civicrm:civicrm:4.4.0:alpha1:*:*:*:*:*:*
civicrmcivicrm4.4.0cpe:2.3:a:civicrm:civicrm:4.4.0:alpha2:*:*:*:*:*:*
civicrmcivicrm*cpe:2.3:a:civicrm:civicrm:*:*:*:*:*:*:*:*
civicrmcivicrm4.2.0cpe:2.3:a:civicrm:civicrm:4.2.0:*:*:*:*:*:*:*
civicrmcivicrm4.2.1cpe:2.3:a:civicrm:civicrm:4.2.1:*:*:*:*:*:*:*
civicrmcivicrm4.2.2cpe:2.3:a:civicrm:civicrm:4.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
civicrm	civicrm	4.4	cpe:2.3:a:civicrm:civicrm:4.4:alpha3::::::
civicrm	civicrm	4.4	cpe:2.3:a:civicrm:civicrm:4.4:beta1::::::
civicrm	civicrm	4.4	cpe:2.3:a:civicrm:civicrm:4.4:beta2::::::
civicrm	civicrm	4.4	cpe:2.3:a:civicrm:civicrm:4.4:beta3::::::
civicrm	civicrm	4.4.0	cpe:2.3:a:civicrm:civicrm:4.4.0:alpha1::::::
civicrm	civicrm	4.4.0	cpe:2.3:a:civicrm:civicrm:4.4.0:alpha2::::::
civicrm	civicrm	*	cpe:2.3:a:civicrm:civicrm::::::::
civicrm	civicrm	4.2.0	cpe:2.3:a:civicrm:civicrm:4.2.0:::::::*
civicrm	civicrm	4.2.1	cpe:2.3:a:civicrm:civicrm:4.2.1:::::::*
civicrm	civicrm	4.2.2	cpe:2.3:a:civicrm:civicrm:4.2.2:::::::*