CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-4662

The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.7%

CVSS Severity

CVSS v2 Score 6.5

References

Products affected by CVE-2013-4662

Civicrm » Civicrm » Version: 4.2.0

cpe:2.3:a:civicrm:civicrm:4.2.0
Civicrm » Civicrm » Version: 4.2.1

cpe:2.3:a:civicrm:civicrm:4.2.1
Civicrm » Civicrm » Version: 4.2.2

cpe:2.3:a:civicrm:civicrm:4.2.2
Civicrm » Civicrm » Version: 4.2.4

cpe:2.3:a:civicrm:civicrm:4.2.4
Civicrm » Civicrm » Version: 4.2.5

cpe:2.3:a:civicrm:civicrm:4.2.5
Civicrm » Civicrm » Version: 4.2.6

cpe:2.3:a:civicrm:civicrm:4.2.6
Civicrm » Civicrm » Version: 4.2.7

cpe:2.3:a:civicrm:civicrm:4.2.7
Civicrm » Civicrm » Version: 4.2.8

cpe:2.3:a:civicrm:civicrm:4.2.8
Civicrm » Civicrm » Version: 4.2.9

cpe:2.3:a:civicrm:civicrm:4.2.9
Civicrm » Civicrm » Version: 4.3.0

cpe:2.3:a:civicrm:civicrm:4.3.0
Civicrm » Civicrm » Version: 4.3.1

cpe:2.3:a:civicrm:civicrm:4.3.1
Civicrm » Civicrm » Version: 4.3.2

cpe:2.3:a:civicrm:civicrm:4.3.2
Civicrm » Civicrm » Version: 4.3.3

cpe:2.3:a:civicrm:civicrm:4.3.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2013-4662

Products

Pricing

Contact Us