CVE-2013-5957SQL Injection in Civicrm

CWE-89SQL Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 41.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
CivicrmDebian Civicrm
Timeline
PublishedNov 27
Latest updateMay 13

Description

Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDcivicrm/civicrm4.2.11+19

Patches

Patch: civicrm.orgPatch: github.comPatch: civicrm.org

🔴Vulnerability Details

1
GHSA
GHSA-hh3x-vf3q-948c: Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location2022-05-13

📋Vendor Advisories

1
Debian
CVE-2013-5957: civicrm - Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in Civ...2013