CVE-2013-5957
Published Nov 27, 2013
Last updated 4 years ago
Overview
- Description
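- Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty. The first fixed releases are therefore 4.2.12, 4.3.7 and 4.4.beta4, and installations on an earlier release of any of these branches should be upgraded. Because the CVSS vector below rates the issue as network-reachable with no authentication required (AV:N/Au:N), both AJAX endpoints should be treated as exposed to any remote client until the upgrade is applied.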
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:civicrm:civicrm:4.4:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC81EF04-66EE-4B5B-9113-3BAA754825B5" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.4:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B4582F6-350D-4550-80BC-B7C6D065D3F9" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.4:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "365D85CE-4A4F-4BA2-B256-E22D11A9665E" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.4:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5F1D942-D54C-405B-94B4-035B207B5F58" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.4.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD736AFB-6EC3-4144-BCC1-A73B409A6D6D" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.4.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E6E8F41-66D2-4C41-A318-B010A4F7CAAD" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:civicrm:civicrm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45A50206-85B1-44F7-ABBC-C467F4D58345", "versionEndIncluding": "4.2.11" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C8CBF12E-640F-4752-8F52-B5B3D4015FC6" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0A22C3AE-2E98-465C-B24C-725BEB99E943" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21DDDCA1-78A1-4FFB-B180-7D0D20FE4FDA" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C5B0394-3C38-454F-BF55-82AADCDEBE9A" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4F3D157E-9132-4EA9-A395-6E46C4C3C032" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"33E5813B-160F-48B2-91B2-4599048028A6" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC6A767A-D530-479B-9E3B-6FB49FD0B8FB" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D80D5F9-B4D9-41C9-B157-3FE31B54EDBF" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1647D812-6174-4613-B57B-8BEF5C3877C5" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F02DA7A-8FA7-4518-896B-E3756F6C56E1" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "074C6767-AC29-4A80-8A51-16DD69BFEAA3" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE6A4EB0-3143-41AF-B4CF-26C736BEF2A4" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B8BBCB1-99D0-4634-BAD6-495B9D040A4C" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECC01A92-9252-4184-B11A-39D077E761C5" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F03014FE-7086-4C5F-9630-4803720DC6A9" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36468BF2-1E30-4479-8CA0-43F5943B25CC" }, { "criteria": "cpe:2.3:a:civicrm:civicrm:4.3.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E9D991D4-5744-417A-B896-D14F666DCF5A" } ], "operator": "OR" } ] } ]