CVE-2013-3213

{"id": "CVE-2013-3213", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-04-02T16:05:49.267", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://karmainsecurity.com/KIS-2013-06", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/61563", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129", "source": "cve@mitre.org"}, {"url": "https://www.vtiger.com/blogs/?p=1467", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://karmainsecurity.com/KIS-2013-06", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/61563", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.vtiger.com/blogs/?p=1467", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades inyecci\u00f3n SQL en vTiger CRM 5.0.0 hasta 5.4.0 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del (1) par\u00e1metro picklist_name en el m\u00e9todo get_picklists hacia soap/customerportal.php, (2) par\u00e1metro where en el m\u00e9todo get_tickets_list hacia soap/customerportal.php o (3) par\u00e1metro emailaddress en el m\u00e9todo SearchContactsByEmail hacia soap/vtigerolservice.php; o usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del (4) par\u00e1metro emailaddress en el m\u00e9todo SearchContactsByEmail hacia soap/thunderbirdplugin.php."}], "lastModified": "2024-11-21T01:53:11.547", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20038138-B797-40A5-A45B-9AB6C21033D0"}, {"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC7C1821-E227-4A80-8350-12F50320BBF2"}, {"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98DE0A56-EA74-4EA8-B941-F0DFF0F86F28"}, {"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FAF126B8-8BE9-4775-904B-5F6FD0FC97CE"}, {"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84AE51A9-59AF-47F9-8AFC-5219505FD170"}, {"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "773AE04C-2478-412F-B961-147E2079B2D2"}, {"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7983E217-C378-4D29-AB23-0A1F6FF483B7"}, {"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:rc:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16C7FC4B-4253-45C5-92A4-26705A1D98FF"}, {"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6CC38DA-63AA-4C1B-9626-4C4641E87576"}, {"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBC5BA70-9EB8-4118-AE90-9B450AECCDD2"}, {"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0C75930-986A-44F0-997F-C7066C696551"}, {"criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C606815-FD44-4528-9CCD-1CCA8B59F145"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}