Vulnerability Name:
CVE-2013-4745 (CCN-82220)
Assigned:
2013-02-19
Published:
2013-02-19
Updated:
2013-07-02
Summary:
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS v3 Severity:
7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
Low
CVSS v2 Severity:
7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availability (A):
Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
Partial
Availability (A):
Partial
Vulnerability Type:
CWE-89
Vulnerability Consequences:
Data Manipulation
References:
Source: MITRE
Type: CNA
CVE-2013-4745
Source: OSVDB
Type: UNKNOWN
90410
Source: CCN
Type: SA52285
TYPO3 My quiz and poll Extension Cross-Site Scripting and SQL Injection Vulnerabilities
Source: CCN
Type: My quiz and poll extension for TYPO3 Web Site
My quiz and poll extension for TYPO3
Source: CONFIRM
Type: UNKNOWN
http://typo3.org/extensions/repository/view/myquizpoll
Source: CCN
Type: TYPO3-EXT-SA-2013-005
Several vulnerabilities in third party extensions
Source: MISC
Type: Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/
Source: CCN
Type: BID-58057
TYPO3 My quiz and poll Extension CVE-2013-4745 Unspecified SQL-Injection Vulnerability
Source: XF
Type: UNKNOWN
myquizandpoll-unspecified-sql-injection(82220)
Vulnerable Configuration:
Configuration 1:
cpe:/a:kurt_gusbeth:myquizpoll:0.1.1:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:0.1.2:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:0.1.3:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:0.1.4:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:0.1.5:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:0.1.6:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:0.1.7:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:0.2.0:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:0.2.1:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:0.2.2:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:0.3.0:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:0.4.0:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:1.0.0:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:1.0.1:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:1.1.0:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:1.2.0:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:1.3.0:*:*:*:*:*:*:*
OR
cpe:/a:kurt_gusbeth:myquizpoll:*:*:*:*:*:*:*:*
(Version <= 1.4.0)
AND
cpe:/a:typo3:typo3:-:*:*:*:*:*:*:*
kurt_gusbeth
myquizpoll 0.1.1
kurt_gusbeth
myquizpoll 0.1.2
kurt_gusbeth
myquizpoll 0.1.3
kurt_gusbeth
myquizpoll 0.1.4
kurt_gusbeth
myquizpoll 0.1.5
kurt_gusbeth
myquizpoll 0.1.6
kurt_gusbeth
myquizpoll 0.1.7
kurt_gusbeth
myquizpoll 0.2.0
kurt_gusbeth
myquizpoll 0.2.1
kurt_gusbeth
myquizpoll 0.2.2
kurt_gusbeth
myquizpoll 0.3.0
kurt_gusbeth
myquizpoll 0.4.0
kurt_gusbeth
myquizpoll 1.0.0
kurt_gusbeth
myquizpoll 1.0.1
kurt_gusbeth
myquizpoll 1.1.0
kurt_gusbeth
myquizpoll 1.2.0
kurt_gusbeth
myquizpoll 1.3.0
kurt_gusbeth
myquizpoll *
typo3
typo3 -