VYPR
Unrated severityNVD Advisory· Published Nov 27, 2013· Updated Jun 16, 2026

CVE-2013-5957

CVE-2013-5957

Description

Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

25
  • Civicrm/Civicrm25 versions
    cpe:2.3:a:civicrm:civicrm:*:*:*:*:*:*:*:*+ 24 more
    • cpe:2.3:a:civicrm:civicrm:*:*:*:*:*:*:*:*range: <=4.2.11
    • cpe:2.3:a:civicrm:civicrm:4.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.2.10:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.2.4:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.2.5:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.2.6:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.2.7:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.2.8:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.2.9:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.4.0:alpha1:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.4.0:alpha2:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.4:alpha3:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.4:beta1:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.4:beta2:*:*:*:*:*:*
    • cpe:2.3:a:civicrm:civicrm:4.4:beta3:*:*:*:*:*:*
    • (no CPE)range: before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.