fkie_nvd - fkie_cve-2013-5957

fkie_cve-2013-5957

Vulnerability from fkie_nvd

Published

2013-11-27 18:55

Modified

2024-11-21 01:58

Severity ?

Summary

Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.

References

URL	Tags
cve@mitre.org	https://civicrm.org/advisory/civi-sa-2013-009-sql-injection-vulnerability	Patch, Vendor Advisory
cve@mitre.org	https://github.com/civicrm/civicrm-core/pull/1708.diff	Patch
cve@mitre.org	https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerability-in-civicrm-cve-2013-5957.html	Exploit
cve@mitre.org	https://www.navixia.com/company/navixia-news/395-navixia-finds-critical-vulnerability-in-civicrm.html
af854a3a-2127-422b-91ae-364da2661108	https://civicrm.org/advisory/civi-sa-2013-009-sql-injection-vulnerability	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/civicrm/civicrm-core/pull/1708.diff	Patch
af854a3a-2127-422b-91ae-364da2661108	https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerability-in-civicrm-cve-2013-5957.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://www.navixia.com/company/navixia-news/395-navixia-finds-critical-vulnerability-in-civicrm.html

Impacted products

Vendor	Product	Version
civicrm	civicrm	4.4
civicrm	civicrm	4.4
civicrm	civicrm	4.4
civicrm	civicrm	4.4
civicrm	civicrm	4.4.0
civicrm	civicrm	4.4.0
civicrm	civicrm	*
civicrm	civicrm	4.2.0
civicrm	civicrm	4.2.1
civicrm	civicrm	4.2.2
civicrm	civicrm	4.2.4
civicrm	civicrm	4.2.5
civicrm	civicrm	4.2.6
civicrm	civicrm	4.2.7
civicrm	civicrm	4.2.8
civicrm	civicrm	4.2.9
civicrm	civicrm	4.2.10
civicrm	civicrm	4.3.0
civicrm	civicrm	4.3.1
civicrm	civicrm	4.3.2
civicrm	civicrm	4.3.3
civicrm	civicrm	4.3.4
civicrm	civicrm	4.3.5
civicrm	civicrm	4.3.6

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.4:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "DC81EF04-66EE-4B5B-9113-3BAA754825B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.4:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "7B4582F6-350D-4550-80BC-B7C6D065D3F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.4:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "365D85CE-4A4F-4BA2-B256-E22D11A9665E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.4:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E5F1D942-D54C-405B-94B4-035B207B5F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.4.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "FD736AFB-6EC3-4144-BCC1-A73B409A6D6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.4.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "2E6E8F41-66D2-4C41-A318-B010A4F7CAAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "45A50206-85B1-44F7-ABBC-C467F4D58345",
              "versionEndIncluding": "4.2.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8CBF12E-640F-4752-8F52-B5B3D4015FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A22C3AE-2E98-465C-B24C-725BEB99E943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "21DDDCA1-78A1-4FFB-B180-7D0D20FE4FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C5B0394-3C38-454F-BF55-82AADCDEBE9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3D157E-9132-4EA9-A395-6E46C4C3C032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E5813B-160F-48B2-91B2-4599048028A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC6A767A-D530-479B-9E3B-6FB49FD0B8FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D80D5F9-B4D9-41C9-B157-3FE31B54EDBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1647D812-6174-4613-B57B-8BEF5C3877C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F02DA7A-8FA7-4518-896B-E3756F6C56E1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "074C6767-AC29-4A80-8A51-16DD69BFEAA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE6A4EB0-3143-41AF-B4CF-26C736BEF2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8BBCB1-99D0-4634-BAD6-495B9D040A4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC01A92-9252-4184-B11A-39D077E761C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F03014FE-7086-4C5F-9630-4803720DC6A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "36468BF2-1E30-4479-8CA0-43F5943B25CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9D991D4-5744-417A-B896-D14F666DCF5A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n de SQL en CRM/Core/Page/AJAX/Location.php de CiviCRM anterior a la versi\u00f3n 4.2.12, 4.3.x anterior a 4.3.7, y 4.4.x anterior a la versi\u00f3n 4.4.beta4 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro _value a (1) ajax/jqState o (2) ajax/jqcounty."
    }
  ],
  "id": "CVE-2013-5957",
  "lastModified": "2024-11-21T01:58:29.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-27T18:55:04.567",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://civicrm.org/advisory/civi-sa-2013-009-sql-injection-vulnerability"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/civicrm/civicrm-core/pull/1708.diff"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerability-in-civicrm-cve-2013-5957.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.navixia.com/company/navixia-news/395-navixia-finds-critical-vulnerability-in-civicrm.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://civicrm.org/advisory/civi-sa-2013-009-sql-injection-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/civicrm/civicrm-core/pull/1708.diff"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerability-in-civicrm-cve-2013-5957.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.navixia.com/company/navixia-news/395-navixia-finds-critical-vulnerability-in-civicrm.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2013-5957

Vulnerability from cvelistv5

Published

2013-11-27 18:00

Modified

2024-08-06 17:29