CVE-2014-5249

Published Aug 14, 2014

Last updated 3 months ago

CVSS info 7.5

Overview

Description: SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:biblio_autocomplete_project:biblio_autocomplete:6.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B28F72E1-F2DF-491B-A190-D0489E9C0754"
          },
          {
            "criteria": "cpe:2.3:a:biblio_autocomplete_project:biblio_autocomplete:6.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "66A0A0B5-ACAB-4B98-9396-A01A26A6156A"
          },
          {
            "criteria": "cpe:2.3:a:biblio_autocomplete_project:biblio_autocomplete:7.x-1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEE01F4E-D6E3-438F-B147-6B0C99CBC0FD"
          },
          {
            "criteria": "cpe:2.3:a:biblio_autocomplete_project:biblio_autocomplete:7.x-1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "84284DEB-C0EA-4ADB-93EC-09BE6665F03A"
          },
          {
            "criteria": "cpe:2.3:a:biblio_autocomplete_project:biblio_autocomplete:7.x-1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D363D0B-741B-46D9-BB48-BED7C0A15A67"
          },
          {
            "criteria": "cpe:2.3:a:biblio_autocomplete_project:biblio_autocomplete:7.x-1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88DE8116-6C69-4F97-84CA-C6F04A450491"
          },
          {
            "criteria": "cpe:2.3:a:biblio_autocomplete_project:biblio_autocomplete:7.x-1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4EEB5EA1-2E97-4ABD-8334-47E1C4EBCE38"
          },
          {
            "criteria": "cpe:2.3:a:biblio_autocomplete_project:biblio_autocomplete:7.x-1.x:dev:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB9AE8CD-0141-49C5-AA73-CCC0F2EAFE82"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References