CVE-2013-5957
EUVD-2013-578927.11.2013, 18:55
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| civicrm | civicrm | 4.4:alpha3 |
| civicrm | civicrm | 4.4:beta1 |
| civicrm | civicrm | 4.4:beta2 |
| civicrm | civicrm | 4.4:beta3 |
| civicrm | civicrm | 4.4.0:alpha1 |
| civicrm | civicrm | 4.4.0:alpha2 |
| civicrm | civicrm | 𝑥 ≤ 4.2.11 |
| civicrm | civicrm | 4.2.0 |
| civicrm | civicrm | 4.2.1 |
| civicrm | civicrm | 4.2.2 |
| civicrm | civicrm | 4.2.4 |
| civicrm | civicrm | 4.2.5 |
| civicrm | civicrm | 4.2.6 |
| civicrm | civicrm | 4.2.7 |
| civicrm | civicrm | 4.2.8 |
| civicrm | civicrm | 4.2.9 |
| civicrm | civicrm | 4.2.10 |
| civicrm | civicrm | 4.3.0 |
| civicrm | civicrm | 4.3.1 |
| civicrm | civicrm | 4.3.2 |
| civicrm | civicrm | 4.3.3 |
| civicrm | civicrm | 4.3.4 |
| civicrm | civicrm | 4.3.5 |
| civicrm | civicrm | 4.3.6 |
𝑥
= Vulnerable software versions
References