CVE-2013-3213
Last modified
CVE-2013-3213 is a vulnerability of currently unknown severity. Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.. EPSS estimates a 3.21% chance of exploitation in the next 30 days.
Description
Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vtiger | Vtiger Crm | 5.0.0 |
| Vtiger | Vtiger Crm | 5.0.1 |
| Vtiger | Vtiger Crm | 5.0.2 |
| Vtiger | Vtiger Crm | 5.0.3 |
| Vtiger | Vtiger Crm | 5.0.4 |
| Vtiger | Vtiger Crm | 5.1.0 |
| Vtiger | Vtiger Crm | 5.2.0 |
| Vtiger | Vtiger Crm | 5.2.1 |
| Vtiger | Vtiger Crm | 5.3.0 |
| Vtiger | Vtiger Crm | 5.4.0 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2013-3213?
How severe is CVE-2013-3213?
How do I fix CVE-2013-3213?
Are you affected by CVE-2013-3213?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST