cvelistv5 - cve-2013-3213

CVE-2013-3213 (GCVE-0-2013-3213)

Vulnerability from cvelistv5

Published

2014-04-02 14:00

Modified

2024-08-06 16:00

Severity ?

CWE

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html	Exploit
cve@mitre.org	http://karmainsecurity.com/KIS-2013-06	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/61563
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/86129
cve@mitre.org	https://www.vtiger.com/blogs/?p=1467
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://karmainsecurity.com/KIS-2013-06	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/61563
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86129
af854a3a-2127-422b-91ae-364da2661108	https://www.vtiger.com/blogs/?p=1467

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:00:10.095Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://karmainsecurity.com/KIS-2013-06"
          },
          {
            "name": "20130801 [KIS-2013-06] vtiger CRM \u003c= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vtiger.com/blogs/?p=1467"
          },
          {
            "name": "61563",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/61563"
          },
          {
            "name": "vtigercrm-cve20133213-multiple-sql-injection(86129)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-08-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://karmainsecurity.com/KIS-2013-06"
        },
        {
          "name": "20130801 [KIS-2013-06] vtiger CRM \u003c= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vtiger.com/blogs/?p=1467"
        },
        {
          "name": "61563",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/61563"
        },
        {
          "name": "vtigercrm-cve20133213-multiple-sql-injection(86129)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3213",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://karmainsecurity.com/KIS-2013-06",
              "refsource": "MISC",
              "url": "http://karmainsecurity.com/KIS-2013-06"
            },
            {
              "name": "20130801 [KIS-2013-06] vtiger CRM \u003c= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html"
            },
            {
              "name": "https://www.vtiger.com/blogs/?p=1467",
              "refsource": "CONFIRM",
              "url": "https://www.vtiger.com/blogs/?p=1467"
            },
            {
              "name": "61563",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/61563"
            },
            {
              "name": "vtigercrm-cve20133213-multiple-sql-injection(86129)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-3213",
    "datePublished": "2014-04-02T14:00:00",
    "dateReserved": "2013-04-20T00:00:00",
    "dateUpdated": "2024-08-06T16:00:10.095Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-3213\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-04-02T16:05:49.267\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades inyecci\u00f3n SQL en vTiger CRM 5.0.0 hasta 5.4.0 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del (1) par\u00e1metro picklist_name en el m\u00e9todo get_picklists hacia soap/customerportal.php, (2) par\u00e1metro where en el m\u00e9todo get_tickets_list hacia soap/customerportal.php o (3) par\u00e1metro emailaddress en el m\u00e9todo SearchContactsByEmail hacia soap/vtigerolservice.php; o usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del (4) par\u00e1metro emailaddress en el m\u00e9todo SearchContactsByEmail hacia soap/thunderbirdplugin.php.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20038138-B797-40A5-A45B-9AB6C21033D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC7C1821-E227-4A80-8350-12F50320BBF2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98DE0A56-EA74-4EA8-B941-F0DFF0F86F28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FAF126B8-8BE9-4775-904B-5F6FD0FC97CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84AE51A9-59AF-47F9-8AFC-5219505FD170\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.0.4:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"773AE04C-2478-412F-B961-147E2079B2D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7983E217-C378-4D29-AB23-0A1F6FF483B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.1.0:rc:*:*:*:*:*:*\",\"matchCriteriaId\":\"16C7FC4B-4253-45C5-92A4-26705A1D98FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6CC38DA-63AA-4C1B-9626-4C4641E87576\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBC5BA70-9EB8-4118-AE90-9B450AECCDD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0C75930-986A-44F0-997F-C7066C696551\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vtiger:vtiger_crm:5.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C606815-FD44-4528-9CCD-1CCA8B59F145\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://karmainsecurity.com/KIS-2013-06\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/61563\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/86129\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.vtiger.com/blogs/?p=1467\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://karmainsecurity.com/KIS-2013-06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securityfocus.com/bid/61563\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/86129\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.vtiger.com/blogs/?p=1467\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

gsd-2013-3213

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-3213

Aliases

CVE-2013-3213

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-3213",
    "description": "Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.",
    "id": "GSD-2013-3213"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-3213"
      ],
      "details": "Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.",
      "id": "GSD-2013-3213",
      "modified": "2023-12-13T01:22:23.103464Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-3213",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://karmainsecurity.com/KIS-2013-06",
            "refsource": "MISC",
            "url": "http://karmainsecurity.com/KIS-2013-06"
          },
          {
            "name": "20130801 [KIS-2013-06] vtiger CRM \u003c= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html"
          },
          {
            "name": "https://www.vtiger.com/blogs/?p=1467",
            "refsource": "CONFIRM",
            "url": "https://www.vtiger.com/blogs/?p=1467"
          },
          {
            "name": "61563",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/61563"
          },
          {
            "name": "vtigercrm-cve20133213-multiple-sql-injection(86129)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:rc:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:rc:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-3213"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130801 [KIS-2013-06] vtiger CRM \u003c= 5.4.0 (SOAP Services) Multiple SQL Injection Vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [
                "Exploit"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html"
            },
            {
              "name": "https://www.vtiger.com/blogs/?p=1467",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.vtiger.com/blogs/?p=1467"
            },
            {
              "name": "61563",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/61563"
            },
            {
              "name": "http://karmainsecurity.com/KIS-2013-06",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://karmainsecurity.com/KIS-2013-06"
            },
            {
              "name": "vtigercrm-cve20133213-multiple-sql-injection(86129)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:33Z",
      "publishedDate": "2014-04-02T16:05Z"
    }
  }
}

fkie_cve-2013-3213

Vulnerability from fkie_nvd

Published

2014-04-02 16:05

Modified

2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html	Exploit
cve@mitre.org	http://karmainsecurity.com/KIS-2013-06	Exploit
cve@mitre.org	http://www.securityfocus.com/bid/61563
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/86129
cve@mitre.org	https://www.vtiger.com/blogs/?p=1467
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://karmainsecurity.com/KIS-2013-06	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/61563
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/86129
af854a3a-2127-422b-91ae-364da2661108	https://www.vtiger.com/blogs/?p=1467

Impacted products

Vendor	Product	Version
vtiger	vtiger_crm	5.0.0
vtiger	vtiger_crm	5.0.1
vtiger	vtiger_crm	5.0.2
vtiger	vtiger_crm	5.0.3
vtiger	vtiger_crm	5.0.4
vtiger	vtiger_crm	5.0.4
vtiger	vtiger_crm	5.1.0
vtiger	vtiger_crm	5.1.0
vtiger	vtiger_crm	5.2.0
vtiger	vtiger_crm	5.2.1
vtiger	vtiger_crm	5.3.0
vtiger	vtiger_crm	5.4.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20038138-B797-40A5-A45B-9AB6C21033D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC7C1821-E227-4A80-8350-12F50320BBF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "98DE0A56-EA74-4EA8-B941-F0DFF0F86F28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAF126B8-8BE9-4775-904B-5F6FD0FC97CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "84AE51A9-59AF-47F9-8AFC-5219505FD170",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:rc:*:*:*:*:*:*",
              "matchCriteriaId": "773AE04C-2478-412F-B961-147E2079B2D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7983E217-C378-4D29-AB23-0A1F6FF483B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:rc:*:*:*:*:*:*",
              "matchCriteriaId": "16C7FC4B-4253-45C5-92A4-26705A1D98FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6CC38DA-63AA-4C1B-9626-4C4641E87576",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBC5BA70-9EB8-4118-AE90-9B450AECCDD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0C75930-986A-44F0-997F-C7066C696551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vtiger:vtiger_crm:5.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C606815-FD44-4528-9CCD-1CCA8B59F145",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades inyecci\u00f3n SQL en vTiger CRM 5.0.0 hasta 5.4.0 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del (1) par\u00e1metro picklist_name en el m\u00e9todo get_picklists hacia soap/customerportal.php, (2) par\u00e1metro where en el m\u00e9todo get_tickets_list hacia soap/customerportal.php o (3) par\u00e1metro emailaddress en el m\u00e9todo SearchContactsByEmail hacia soap/vtigerolservice.php; o usuarios remotos autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del (4) par\u00e1metro emailaddress en el m\u00e9todo SearchContactsByEmail hacia soap/thunderbirdplugin.php."
    }
  ],
  "id": "CVE-2013-3213",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-04-02T16:05:49.267",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://karmainsecurity.com/KIS-2013-06"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/61563"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.vtiger.com/blogs/?p=1467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://karmainsecurity.com/KIS-2013-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/61563"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.vtiger.com/blogs/?p=1467"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php. Vtiger CRM Is SQL An injection vulnerability exists.By any third party, via the following parameters SQL The command may be executed. (4) soap/thunderbirdplugin.php of SearchContactsByEmail In the method emailaddress Parameters. vtiger CRM is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. vtiger CRM 5.0.0 through versions 5.4.0 are vulnerable. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability comes from the fact that the soap/customerportal.php script does not correctly filter the 'picklist_name' parameter in the get_picklists method; the soap/customerportal.php script does not correctly filter the get_tickets_list method The 'where' parameter; the soap/vtigerolservice.php script does not correctly filter the 'emailaddress' parameter in the SearchContactsByEmail method; the soap/thunderbirdplugin.php script does not correctly filter the 'emailaddress' parameter in the SearchContactsByEmail method.

[-] Vulnerability Description:

1) The vulnerable code is located in the get_picklists SOAP method defined in /soap/customerportal.php:

$id = $input_array['id'];
$sessionid = $input_array['sessionid'];
$picklist_name = $adb->sql_escape_string($input_array['picklist_name']);
if(!validateSession($id,$sessionid))
return null;
$picklist_array = Array();
$admin_role = 'H2';
$userid = getPortalUserid();
$roleres = $adb->pquery("SELECT roleid from vtiger_user2role where userid = ?", array($userid));
$RowCount = $adb->num_rows($roleres);
if($RowCount > 0){
$admin_role = $adb->query_result($roleres,0,'roleid');
}
$res = $adb->pquery("select vtiger_". $picklist_name.".* from vtiger_". $picklist_name." inner join [...]

User input passed through the "picklist_name" parameter seems to be correctly sanitised by the sql_escape_string() method, but the vulnerability exists because it's used in the query at line 1194 without single or double quotes. This can be exploited to conduct blind SQL injection attacks.

2) The vulnerable code is located in the get_tickets_list SOAP method defined in /soap/customerportal.php:

$id = $input_array['id'];
$only_mine = $input_array['onlymine'];
$where = $input_array['where']; //addslashes is already added with where condition fields in portal itself
$match = $input_array['match'];
$sessionid = $input_array['sessionid'];
if(!validateSession($id,$sessionid))
return null;
// Prepare where conditions based on search query
$join_type = '';
$where_conditions = '';
if(trim($where) != '') {
if($match == 'all' || $match == '') {
$join_type = " AND ";
} elseif($match == 'any') {
$join_type = " OR ";
}
$where = explode("&&&",$where);
$where_conditions = implode($join_type, $where);

[...]

$query = "SELECT vtiger_troubletickets.*, vtiger_crmentity.smownerid,vtiger_crmentity.createdtime, [...]
FROM vtiger_troubletickets
INNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid = vtiger_troubletickets.ticketid AND [...]
WHERE vtiger_troubletickets.parent_id IN (". generateQuestionMarks($entity_ids_list) .")";
// Add conditions if there are any search parameters
if ($join_type != '' && $where_conditions != '') {
$query .= " AND (".$where_conditions.")";
}

User input passed through the "where" parameter isn't properly validated before being used in a SQL query at line 713. This can be exploited to conduct SQL injection attacks.

3) The vulnerable code is located in the SearchContactsByEmail SOAP method defined in /soap/thunderbirdplugin.php:

function SearchContactsByEmail($username,$password,$emailaddress)
{
if(authentication($username,$password))
{
require_once('modules/Contacts/Contacts.php');
$seed_contact = new Contacts();
$output_list = Array();
$response = $seed_contact->get_searchbyemailid($username,$emailaddress);

User input passed through the "emailaddress" parameter isn't properly validated before being used in a call to the Contacts::get_searchbyemailid() method at line 195. This can be exploited to conduct SQL injection attacks. Successful exploitation of this vulnerability requires authentication.

4) The vulnerable code is located in the SearchContactsByEmail SOAP method defined in /soap/vtigerolservice.php:

function SearchContactsByEmail($username,$session,$emailaddress)
{
if(!validateSession($username,$session))
return null;
require_once('modules/Contacts/Contacts.php');
$seed_contact = new Contacts();
$output_list = Array();
$response = $seed_contact->get_searchbyemailid($username,$emailaddress);

User input passed through the "emailaddress" parameter isn't properly validated before being used in a call to the Contacts::get_searchbyemailid() method at line 291. This can be exploited to conduct SQL injection attacks. Successful exploitation of this vulnerability requires knowledge of a valid username.

[-] Solution:

Apply the vendor patch:http://www.vtiger.com/blogs/?p=1467

[-] Disclosure Timeline:

[13/01/2013] - Vendor notified [06/02/2013] - Vendor asked feedback abouthttp://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848 [05/03/2013] - Feedback provided to the vendor [26/03/2013] - Vendor patch released [18/04/2013] - CVE number requested [20/04/2013] - CVE number assigned [01/08/2013] - Public disclosure

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3213 to these vulnerabilities.

[-] Credits:

Vulnerabilities discovered by Egidio Romano.

[-] Original Advisory:

http://karmainsecurity.com/KIS-2013-06

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0102",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.0.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.0.0 to  5.4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.1"
      },
      {
        "model": "crm rc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.0.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Egidio Romano",
    "sources": [
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-3213",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-3213",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-63215",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-3213",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-3213",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-014",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-63215",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php. Vtiger CRM Is SQL An injection vulnerability exists.By any third party, via the following parameters SQL The command may be executed. (4) soap/thunderbirdplugin.php of SearchContactsByEmail In the method emailaddress Parameters. vtiger CRM is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. \nExploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nvtiger CRM 5.0.0 through versions 5.4.0 are vulnerable. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability comes from the fact that the soap/customerportal.php script does not correctly filter the \u0027picklist_name\u0027 parameter in the get_picklists method; the soap/customerportal.php script does not correctly filter the get_tickets_list method The \u0027where\u0027 parameter; the soap/vtigerolservice.php script does not correctly filter the \u0027emailaddress\u0027 parameter in the SearchContactsByEmail method; the soap/thunderbirdplugin.php script does not correctly filter the \u0027emailaddress\u0027 parameter in the SearchContactsByEmail method. \n\n\n[-] Vulnerability Description:\n\n1) The vulnerable code is located in the get_picklists SOAP method defined in /soap/customerportal.php:\n\n1177. \t$id = $input_array[\u0027id\u0027];\n1178. \t$sessionid = $input_array[\u0027sessionid\u0027];\n1179. \t$picklist_name = $adb-\u003esql_escape_string($input_array[\u0027picklist_name\u0027]);\n1180. \n1181. \tif(!validateSession($id,$sessionid))\n1182. \treturn null;\n1183. \n1184. \t$picklist_array = Array();\n1185. \n1186. \t$admin_role = \u0027H2\u0027;\n1187. \t$userid = getPortalUserid();\n1188. \t$roleres = $adb-\u003epquery(\"SELECT roleid from vtiger_user2role where userid = ?\", array($userid));\n1189. \t$RowCount = $adb-\u003enum_rows($roleres);\n1190. \tif($RowCount \u003e 0){\n1191. \t\t$admin_role = $adb-\u003equery_result($roleres,0,\u0027roleid\u0027);\n1192. \t}\n1193. \n1194. \t$res = $adb-\u003epquery(\"select vtiger_\". $picklist_name.\".* from vtiger_\". $picklist_name.\" inner join [...]\n\nUser input passed through the \"picklist_name\" parameter seems to be correctly sanitised by the\nsql_escape_string() method, but the vulnerability exists because it\u0027s used in the query at line 1194\nwithout single or double quotes. This can be exploited to conduct blind SQL injection attacks. \n\n2) The vulnerable code is located in the get_tickets_list SOAP method defined in /soap/customerportal.php:\n\n654. \t$id = $input_array[\u0027id\u0027];\n655. \t$only_mine = $input_array[\u0027onlymine\u0027];\n656. \t$where = $input_array[\u0027where\u0027]; //addslashes is already added with where condition fields in portal itself\n657. \t$match = $input_array[\u0027match\u0027];\n658. \t$sessionid = $input_array[\u0027sessionid\u0027];\n659. \n660. \tif(!validateSession($id,$sessionid))\n661. \t\treturn null;\n662. \n663. \t// Prepare where conditions based on search query\n664. \t$join_type = \u0027\u0027;\n665. \t$where_conditions = \u0027\u0027;\n666. \tif(trim($where) != \u0027\u0027) {\n667. \t\tif($match == \u0027all\u0027 || $match == \u0027\u0027) {\n668. \t\t\t$join_type = \" AND \";\n669. \t\t} elseif($match == \u0027any\u0027) {\n670. \t\t\t$join_type = \" OR \";\n671. \t\t}\n672. \t\t$where = explode(\"\u0026\u0026\u0026\",$where);\n673. \t\t$where_conditions = implode($join_type, $where);\n\n[...]\n\n707. \t$query = \"SELECT vtiger_troubletickets.*, vtiger_crmentity.smownerid,vtiger_crmentity.createdtime, [...]\n708. \t\tFROM vtiger_troubletickets\n709. \t\tINNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid = vtiger_troubletickets.ticketid AND [...]\n710. \t\tWHERE vtiger_troubletickets.parent_id IN (\". generateQuestionMarks($entity_ids_list) .\")\";\n711. \t// Add conditions if there are any search parameters\n712. \tif ($join_type != \u0027\u0027 \u0026\u0026 $where_conditions != \u0027\u0027) {\n713. \t\t$query .= \" AND (\".$where_conditions.\")\";\n714. \t}\n\nUser input passed through the \"where\" parameter isn\u0027t properly validated before being\nused in a SQL query at line 713. This can be exploited to conduct SQL injection attacks. \n\n3) The vulnerable code is located in the SearchContactsByEmail SOAP method defined in /soap/thunderbirdplugin.php:\n\n186. \tfunction SearchContactsByEmail($username,$password,$emailaddress)\n187. \t{\n188. \t  if(authentication($username,$password))\n189. \t  {\n190. \t     require_once(\u0027modules/Contacts/Contacts.php\u0027);\n191. \t\n192. \t     $seed_contact = new Contacts();\n193. \t     $output_list = Array();\n194. \t\n195. \t     $response = $seed_contact-\u003eget_searchbyemailid($username,$emailaddress);\n\nUser input passed through the \"emailaddress\" parameter isn\u0027t properly validated before being used\nin a call to the Contacts::get_searchbyemailid() method at line 195. This can be exploited to conduct\nSQL injection attacks. Successful exploitation of this vulnerability requires authentication. \n\n4) The vulnerable code is located in the SearchContactsByEmail SOAP method defined in /soap/vtigerolservice.php:\n\n282. \tfunction SearchContactsByEmail($username,$session,$emailaddress)\n283. \t{\n284. \t\tif(!validateSession($username,$session))\n285. \t\treturn null;\n286. \t\trequire_once(\u0027modules/Contacts/Contacts.php\u0027);\n287. \t\n288. \t     $seed_contact = new Contacts();\n289. \t     $output_list = Array();\n290. \t\n291. \t     $response = $seed_contact-\u003eget_searchbyemailid($username,$emailaddress);\n\nUser input passed through the \"emailaddress\" parameter isn\u0027t properly validated before being used in\na call to the Contacts::get_searchbyemailid() method at line 291. This can be exploited to conduct SQL\ninjection attacks. Successful exploitation of this vulnerability requires knowledge of a valid username. \n\n\n[-] Solution:\n\nApply the vendor patch:http://www.vtiger.com/blogs/?p=1467\n\n\n[-] Disclosure Timeline:\n\n[13/01/2013] - Vendor notified\n[06/02/2013] - Vendor asked feedback abouthttp://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848\n[05/03/2013] - Feedback provided to the vendor\n[26/03/2013] - Vendor patch released\n[18/04/2013] - CVE number requested\n[20/04/2013] - CVE number assigned\n[01/08/2013] - Public disclosure\n\n\n[-] CVE Reference:\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org)\nhas assigned the name CVE-2013-3213 to these vulnerabilities. \n\n\n[-] Credits:\n\nVulnerabilities discovered by Egidio Romano. \n\n\n[-] Original Advisory:\n\nhttp://karmainsecurity.com/KIS-2013-06\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "PACKETSTORM",
        "id": "122641"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-63215",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-3213",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "61563",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "86129",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "20133213",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20130801 [KIS-2013-06] VTIGER CRM \u003c= 5.4.0 (SOAP SERVICES) MULTIPLE SQL INJECTION VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "122641",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "27279",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-63215",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "id": "VAR-201404-0102",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2024-08-14T13:25:07.662000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Vtiger 5.4.0 Security Patch Released",
        "trust": 0.8,
        "url": "https://www.vtiger.com/blogs/?p=1467"
      },
      {
        "title": "vtigercrm6.0.0",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49112"
      },
      {
        "title": "vtigercrm600",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49111"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://www.vtiger.com/blogs/?p=1467"
      },
      {
        "trust": 2.1,
        "url": "http://karmainsecurity.com/kis-2013-06"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/61563"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3213"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3213"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/86129"
      },
      {
        "trust": 0.3,
        "url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20crm%205.1.0/"
      },
      {
        "trust": 0.1,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3213"
      },
      {
        "trust": 0.1,
        "url": "http://www.vtiger.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "date": "2013-08-01T00:00:00",
        "db": "BID",
        "id": "61563"
      },
      {
        "date": "2014-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "date": "2013-08-01T18:32:11",
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "date": "2013-08-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "date": "2014-04-02T16:05:49.267000",
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "date": "2013-08-01T00:00:00",
        "db": "BID",
        "id": "61563"
      },
      {
        "date": "2014-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "date": "2014-04-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "date": "2017-08-29T01:33:22.010000",
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger CRM In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sql injection",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      }
    ],
    "trust": 0.7
  }
}

ghsa-hvgh-6jqx-4v3w

Vulnerability from github

Published

2022-05-17 01:35

Modified

2022-05-17 01:35

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-3213"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-89"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-04-02T16:05:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.",
  "id": "GHSA-hvgh-6jqx-4v3w",
  "modified": "2022-05-17T01:35:12Z",
  "published": "2022-05-17T01:35:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-3213"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129"
    },
    {
      "type": "WEB",
      "url": "https://www.vtiger.com/blogs/?p=1467"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html"
    },
    {
      "type": "WEB",
      "url": "http://karmainsecurity.com/KIS-2013-06"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/61563"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2013-3213 (GCVE-0-2013-3213)

Vulnerability from cvelistv5

gsd-2013-3213

Vulnerability from gsd

fkie_cve-2013-3213

Vulnerability from fkie_nvd

var-201404-0102

Vulnerability from variot

ghsa-hvgh-6jqx-4v3w

Vulnerability from github

Tags

Sightings

Nomenclature