Описание
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:civicrm:civicrm:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.8:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:civicrm:civicrm:4.3.3:*:*:*:*:*:*:*
EPSS
Процентиль: 33%
0.00132
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-89
Связанные уязвимости
debian
около 12 лет назад
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through ...
EPSS
Процентиль: 33%
0.00132
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-89