CVE-2013-6787 - OpenCVE

SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Chamilo	Chamilo Lms

Configuration 1 [-]

OR	cpe:2.3:a:chamilo:chamilo_lms::::::::
	cpe:2.3:a:chamilo:chamilo_lms:1.8.6.2:::::::*
	cpe:2.3:a:chamilo:chamilo_lms:1.8.7:::::::*
	cpe:2.3:a:chamilo:chamilo_lms:1.8.7.1:::::::*
	cpe:2.3:a:chamilo:chamilo_lms:1.8.8.2:::::::*
	cpe:2.3:a:chamilo:chamilo_lms:1.8.8.4:::::::*
	cpe:2.3:a:chamilo:chamilo_lms:1.8.8.6:::::::*
	cpe:2.3:a:chamilo:chamilo_lms:1.9.0:::::::*
	cpe:2.3:a:chamilo:chamilo_lms:1.9.2:::::::*
	cpe:2.3:a:chamilo:chamilo_lms:1.9.4:::::::*

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-11/0141.html	Exploit
http://www.exploit-db.com/exploits/30012	Exploit
https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-10-2013-11-06-Moderate-risk-SQL-Injection-in-specific-unrecommended-case	Patch
https://www.htbridge.com/advisory/HTB23182	Exploit

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2013-12-05T18:00:00

Updated: 2013-12-05T17:57:00

Reserved: 2013-11-12T00:00:00

Link: CVE-2013-6787

JSON object: View

NVD Information

Status : Analyzed

Published: 2013-12-05T18:55:12.877

Modified: 2013-12-27T17:40:52.867

Link: CVE-2013-6787

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-27T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the \"password0\" parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-05T17:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30012", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/30012"}, {"name": "20131127 SQL Injection in Chamilo LMS", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0141.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.htbridge.com/advisory/HTB23182"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-10-2013-11-06-Moderate-risk-SQL-Injection-in-specific-unrecommended-case"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6787", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the \"password0\" parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30012", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/30012"}, {"name": "20131127 SQL Injection in Chamilo LMS", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0141.html"}, {"name": "https://www.htbridge.com/advisory/HTB23182", "refsource": "MISC", "url": "https://www.htbridge.com/advisory/HTB23182"}, {"name": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-10-2013-11-06-Moderate-risk-SQL-Injection-in-specific-unrecommended-case", "refsource": "CONFIRM", "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-10-2013-11-06-Moderate-risk-SQL-Injection-in-specific-unrecommended-case"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6787", "datePublished": "2013-12-05T18:00:00", "dateReserved": "2013-11-12T00:00:00", "dateUpdated": "2013-12-05T17:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:chamilo:chamilo_lms:*:*:*:*:*:*:*:*", "matchCriteriaId": "B7E99DEB-5A6A-4483-98A1-BE1D76EBE035", "versionEndIncluding": "1.9.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "7C36797C-A553-42E4-B855-59B22219D4C0", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "B494675E-6264-4FC9-B829-7A40E82A34A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "2298A795-6420-479E-A5A0-9F92CFDFDE67", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "166D9186-7EF6-4B4D-AF7E-EE3BB64E5C28", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "EC918E77-D731-41D9-8DBC-4A5E0B9230B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.8.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D29A4F8E-0E05-4696-BA0F-71C0B59BCF5E", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "04B619FB-B282-443A-95AE-F0577B119FA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CD0A1DB-453D-4E44-8354-83E82E8254C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:chamilo:chamilo_lms:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "09EE7E5D-4199-42B1-B05D-0ABAAEFB64E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the \"password0\" parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n check_user_password en main/auth/profile.php en Chamilo LMS 1.9.6 y anteriores, cuando se utiliza el modo de contrase\u00f1as no cifradas durante la instalaci\u00f3n, permite a usuarios autenticados remotamente ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro \"password0\"."}], "id": "CVE-2013-6787", "lastModified": "2013-12-27T17:40:52.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2013-12-05T18:55:12.877", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0141.html"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.exploit-db.com/exploits/30012"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://support.chamilo.org/projects/chamilo-18/wiki/Security_issues#Issue-10-2013-11-06-Moderate-risk-SQL-Injection-in-specific-unrecommended-case"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://www.htbridge.com/advisory/HTB23182"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}