Severity: 9.8 CRITICAL (NVD)
EPSS: 0.6% (top 30.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 20; latest update May 13

Description

Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (6 packages)

debian: debian/boinc < boinc 7.0.65+dfsg-1 (bookworm)
Debian: boinc/boinc < 7.0.65+dfsg-1+3
CVEListV5: boinc/boinc, possibly 7.x and earlier
apache: apache/httpd

🔴 Vulnerability Details (4)

GHSA: Improper Access Control in Telerik Extensions (2022-05-13)
GHSA: GHSA-xh9c-cqj7-g26j: Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors (2022-05-05)
OSV: CVE-2013-2018: Multiple SQL injection vulnerabilities in BOINC allow remote attackers to execute arbitrary SQL commands via unspecified vectors (2020-02-20)
Kernel: Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next (2018-09-25)

💥 Exploits & PoCs (8)

Exploit-DB: Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting (2020-01-29)
Exploit-DB: ntpd 4.2.8p10 - Out-of-Bounds Read (PoC) (2018-11-14)
Exploit-DB: WebVet 0.1a - 'id' SQL Injection (2018-11-05)
Exploit-DB: SEIG Modbus 3.4 - Denial of Service (PoC) (2018-08-20)
Exploit-DB: SEIG Modbus 3.4 - Remote Code Execution (2018-08-20)

📋 Vendor Advisories (7)

Red Hat: kernel: Information Disclosure in crypto_report_one in crypto/crypto_user.c (2018-11-03)
Microsoft: Microsoft Office Elevation of Privilege Vulnerability (2018-06-12)
Red Hat: kernel: denial of service via ioctl call in network tun handling (2018-01-17)
Red Hat: Mozilla: Script execution in HTML mail replies (MFSA 2014-14) (2014-02-06)
Red Hat: Mozilla: Script execution in HTML mail replies (MFSA 2014-14) (2014-02-06)

💬 Community (4)

Bugzilla: CVE-2018-0498 CVE-2018-0497 mbedtls: Two critical flaws fixed in latest release (2018-08-02)
Bugzilla: CVE-2018-10843 source-to-image: Builder images with assembler-user LABEL set to root allows attackers to execute arbitrary code (2018-05-17)
Bugzilla: CVE-2018-1070 Routing: Malicous Service configuration can bring down routing for an entire shard. (2018-03-08)
Bugzilla: CVE-2013-4317 cloudstack: Information disclosure in listProjectAccounts in the CloudStack API (2018-02-20)