CVE-2013-4662
Published Jan 29, 2014
Last updated 11 years ago
Overview
- Description: The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.
- Source: cve@mitre.org
- NVD status: Analyzed
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 6.5
- Impact score: 6.4
- Exploitability score: 8
- Vector string: AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov: CWE-89
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8CBF12E-640F-4752-8F52-B5B3D4015FC6" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A22C3AE-2E98-465C-B24C-725BEB99E943" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21DDDCA1-78A1-4FFB-B180-7D0D20FE4FDA" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C5B0394-3C38-454F-BF55-82AADCDEBE9A" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F3D157E-9132-4EA9-A395-6E46C4C3C032" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33E5813B-160F-48B2-91B2-4599048028A6" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC6A767A-D530-479B-9E3B-6FB49FD0B8FB" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D80D5F9-B4D9-41C9-B157-3FE31B54EDBF" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1647D812-6174-4613-B57B-8BEF5C3877C5" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "074C6767-AC29-4A80-8A51-16DD69BFEAA3" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE6A4EB0-3143-41AF-B4CF-26C736BEF2A4" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B8BBCB1-99D0-4634-BAD6-495B9D040A4C" },
          { "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECC01A92-9252-4184-B11A-39D077E761C5" }
        ],
        "operator": "OR"
      }
    ]
  }
]