Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2013-11-27T18:00:00
Updated: 2013-12-01T17:26:34
Reserved: 2013-09-27T00:00:00
Link: CVE-2013-5957
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-11-27T18:55:04.567
Modified: 2021-04-16T18:09:42.607
Link: CVE-2013-5957
JSON object: View
Redhat Information
No data.
CWE