CVE-2013-4461 — SQL Injection in Redhat Enterprise MRG

CWE-89 — SQL Injection5 documents5 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 40.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise MRG

Timeline

PublishedDec 23

Latest updateMay 13

Description

SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDredhat/enterprise_mrg2.4

🔴Vulnerability Details

GHSA

GHSA-wjw2-3w4f-g496: SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2↗2022-05-13

▶

CVEList

CVE-2013-4461: SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2↗2013-12-23

▶

📋Vendor Advisories

Red Hat

cumin: filtering table operator not checked, leads to potential SQLi↗2013-12-17

▶

💬Community

Bugzilla

CVE-2013-4461 cumin: filtering table operator not checked, leads to potential SQLi↗2013-10-07

▶