CVE-2013-4662

The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:civicrm:civicrm:4.2.8:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.6:*:*:*:*:*:*:*

Information

Published : 2014-01-29 10:55

Updated : 2014-02-21 11:29


NVD link : CVE-2013-4662

Mitre link : CVE-2013-4662


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

civicrm

  • civicrm