Lucene search
HistoryMar 01, 2014 - 12:01 a.m.
CVE-2013-2498
cve-2013-2498
sql injection
simplehrm
user_manager.php
remote attackers
arbitrary sql commands
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.6%
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.
Affected configurations
Node
simplehrmsimplehrmRange≤2.2
ORsimplehrmsimplehrmMatch2.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| simplehrm:simplehrm | simplehrm | le | 2.2 |
| simplehrm:simplehrm | simplehrm | eq | 2.3 |
Related
prion
prion
Sql injection
2014-03-01 00:01:00
cvelist
cvelist
CVE-2013-2498
2014-02-28 17:00:00
openvas
openvas
SimpleHRM 'username' Parameter SQL Injection Vulnerability
2014-04-03 00:00:00
nvd
nvd
CVE-2013-2498
2014-03-01 00:01:07
seebug
seebug
Simple HRM System <= 2.3 - Multiple Vulnerabilities
2014-07-01 00:00:00
exploitpack
exploitpack
Simple HRM System 2.3 - Multiple Vulnerabilities
2013-04-12 00:00:00
exploitdb
exploitdb
Simple HRM System 2.3 - Multiple Vulnerabilities
2013-04-12 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.6%
Related for CVE-2013-2498