CVE-2013-3213

Published Apr 2, 2014

Last updated 7 years ago

Overview

Description: Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20038138-B797-40A5-A45B-9AB6C21033D0"
          },
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DC7C1821-E227-4A80-8350-12F50320BBF2"
          },
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98DE0A56-EA74-4EA8-B941-F0DFF0F86F28"
          },
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FAF126B8-8BE9-4775-904B-5F6FD0FC97CE"
          },
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84AE51A9-59AF-47F9-8AFC-5219505FD170"
          },
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:rc:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "773AE04C-2478-412F-B961-147E2079B2D2"
          },
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7983E217-C378-4D29-AB23-0A1F6FF483B7"
          },
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:rc:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16C7FC4B-4253-45C5-92A4-26705A1D98FF"
          },
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6CC38DA-63AA-4C1B-9626-4C4641E87576"
          },
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBC5BA70-9EB8-4118-AE90-9B450AECCDD2"
          },
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0C75930-986A-44F0-997F-C7066C696551"
          },
          {
            "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C606815-FD44-4528-9CCD-1CCA8B59F145"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References