NVD

Id
40219  
Name
CVE-2013-4662  
Description
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.  
Reject
 
CVSS Version
2  
CVSS Score
6.5  
Severity
Medium  
CVSS Base Score
6.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:P/I:P/A:P)  
Pub Date
2017-01-18  
Published
2014-01-29  
Modified Date
2014-02-21  
Seq
2013-4662  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
204608 40219 CVE-2013-4662 http://issues.civicrm.org/jira/browse/CRM-12765  View
204609 40219 CVE-2013-4662 https://civicrm.org/advisory/civi-sa-2013-004-limited-sql-injection-quick-search-api  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
24382 JVNDB-2013-005957 CiviCRM の Quick Search API におけるレイヤの検証を回避される脆弱性 CiviCRM の Quick Search API には、contact.getquick に関する処理に不備があるため、検証のレイヤを回避され、SQL インジェクション攻撃を実行される脆弱性が存在します。 CVE-2013-4662 64604 CVE-2013-4662 40219 6.5 http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-005957.html 2013-06-10 2014-01-31 View