{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-04-20T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-05-04T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "67000", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/67000"}, {"name": "20140420 phpManufaktur / kitForm Unauthenticated SQL Injection Vulnerability", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2014/Apr/249"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3757", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "67000", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67000"}, {"name": "20140420 phpManufaktur / kitForm Unauthenticated SQL Injection Vulnerability", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Apr/249"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3757", "datePublished": "2014-05-15T14:00:00", "dateReserved": "2014-05-15T00:00:00", "dateUpdated": "2015-05-04T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpmanufaktur:kitform:*:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "8FE7643B-46E0-448E-A6DF-E93549B7FD3E", "versionEndIncluding": "0.43", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.10:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "7FB0BF09-7020-488D-A8A2-C121B369F707", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.11:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "3923BEFA-B1EC-444E-B503-272EF7F02FA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.12:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "ABA3135C-27D2-483B-B4DC-A3359829FF95", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.13:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "18FCE0F1-848F-4B93-9B60-A27C3C96C7CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.14:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "84961ACC-4E65-47FB-BD30-58C5BA8D4153", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.15:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "1E0603DB-80B3-4351-929F-DCCBA38DC83A", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.16:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "30633844-19B1-4036-8CF0-80FB9754A055", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.17:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "7B4413B0-D3EC-4645-A413-E4BB34A3C58C", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.18:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "BEE36658-5D60-4DBE-A16E-7389C69EE9AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.19:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "E73B4D85-AAAD-4016-8B01-A3DFA4383A77", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.20:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "F81A0FB1-7446-4BD7-B676-463AB73ED979", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.21:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "07ED7DCE-1856-47A1-993B-A56F812D1B9B", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.22:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "E0C0D9CD-CB31-41FE-8868-4353272CECF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.23:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "31799AC4-D5C9-4F76-A429-4A646DFA85E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.24:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "2EC32AC6-D83A-4236-B897-CA3229E13E8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.25:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "653E6423-2707-4A15-AB4A-FFE4F0CE697D", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.26:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "22EA0B7E-D47B-4DC8-84FE-FB3EE3DE1343", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.27:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "181B0D95-16DE-4E57-9341-476AE420E9DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.28:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "74A196B2-F445-4002-A143-C7C4F7C0F9F3", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.29:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "E601BF71-9149-4140-AE71-06C3A3F91802", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.30:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "0CAA2415-1006-4581-96A1-AF7813CFBEDE", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.31:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "3676C720-26C1-4249-843F-64254474CCF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.32:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "A502F526-E413-4AED-B478-FBF7659A35B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.33:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "E1227EEB-2947-4743-A853-0D4482CB6659", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.34:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "9F3C0A02-DEF9-4A34-8854-1F9CB79121A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.35:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "609EA287-A6EF-4D2D-A524-FF11BA4E9249", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.36:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "FD918220-27C1-4A74-AF28-D2E11D171C3D", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.37:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "70556AF9-5B9A-4963-AD2B-E59A9524CBD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.38:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "32E4A954-0E1D-4CD9-B5FA-EC3FFC989117", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.39:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "FE848E64-0D3F-4576-BB63-739F08BBA2DA", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.40:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "B72C8C0A-54AF-4725-8BA5-5253F941C328", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.41:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "74DFB885-8B4B-4115-8A32-5B1BE2DC0069", "vulnerable": true}, {"criteria": "cpe:2.3:a:phpmanufaktur:kitform:0.42:*:*:*:*:keepintouch:*:*", "matchCriteriaId": "ECFA01F1-2CE8-4996-A77E-C797201B6154", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in sorter.php in the phpManufaktur kitForm extension 0.43 and earlier for the KeepInTouch (KIT) module allows remote attackers to execute arbitrary SQL commands via the sorter_value parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en sorter.php en la extensi\u00f3n phpManufaktur kitForm 0.43 y anteriores para el m\u00f3dulo KeepInTouch (KIT) permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro sorter_value."}], "id": "CVE-2014-3757", "lastModified": "2015-10-21T16:23:45.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-15T14:55:07.543", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://seclists.org/fulldisclosure/2014/Apr/249"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/67000"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}