CVE-2013-6787

Published Dec 5, 2013

Last updated 11 years ago

Overview

Description: SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 6
Impact score: 6.4
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7E99DEB-5A6A-4483-98A1-BE1D76EBE035",
            "versionEndIncluding": "1.9.6"
          },
          {
            "criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C36797C-A553-42E4-B855-59B22219D4C0"
          },
          {
            "criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B494675E-6264-4FC9-B829-7A40E82A34A3"
          },
          {
            "criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2298A795-6420-479E-A5A0-9F92CFDFDE67"
          },
          {
            "criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "166D9186-7EF6-4B4D-AF7E-EE3BB64E5C28"
          },
          {
            "criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.8.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC918E77-D731-41D9-8DBC-4A5E0B9230B0"
          },
          {
            "criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.8.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D29A4F8E-0E05-4696-BA0F-71C0B59BCF5E"
          },
          {
            "criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04B619FB-B282-443A-95AE-F0577B119FA3"
          },
          {
            "criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7CD0A1DB-453D-4E44-8354-83E82E8254C7"
          },
          {
            "criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.9.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09EE7E5D-4199-42B1-B05D-0ABAAEFB64E2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References