Lucene search

MitreCVE-2013-3524

HistoryMay 10, 2013 - 9:55 p.m.

CVE-2013-3524

2013-05-1021:55:02

CWE-89

mitre

web.nvd.nist.gov

cve-2013-3524

sql injection

pop up news module

phpvms

remote code execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.006

Percentile

77.7%

JSON

SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.

Affected configurations

Nvd

Node

simpilotgrouppop_up_newsMatch2.0

VendorProductVersionCPE
simpilotgrouppop_up_news2.0cpe:2.3:a:simpilotgroup:pop_up_news:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
simpilotgroup	pop_up_news	2.0	cpe:2.3:a:simpilotgroup:pop_up_news:2.0:::::::*

References

secunia.com/advisories/53033

www.exploit-db.com/exploits/24960

www.osvdb.org/92328

www.securityfocus.com/bid/59057

exchange.xforce.ibmcloud.com/vulnerabilities/83423

github.com/DavidJClark/phpVMS-PopUpNews/commit/5cadf9cbf4d0872a879666ea594be356fad5897e

github.com/DavidJClark/phpVMS-PopUpNews/commit/efaffa04ef87db1722d69ac7bfc07be71ce2dccf

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.8

Confidence

Low

EPSS

0.006

Percentile

77.7%

JSON

Related for CVE-2013-3524