Unrated severityNVD Advisory· Published Nov 27, 2013· Updated Jun 16, 2026
CVE-2013-5957
CVE-2013-5957
Description
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4 allow remote attackers to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcounty.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
25cpe:2.3:a:civicrm:civicrm:*:*:*:*:*:*:*:*+ 24 more
- cpe:2.3:a:civicrm:civicrm:*:*:*:*:*:*:*:*range: <=4.2.11
- cpe:2.3:a:civicrm:civicrm:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.2.9:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.4.0:alpha1:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.4.0:alpha2:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.4:alpha3:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.4:beta1:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.4:beta2:*:*:*:*:*:*
- cpe:2.3:a:civicrm:civicrm:4.4:beta3:*:*:*:*:*:*
- (no CPE)range: before 4.2.12, 4.3.x before 4.3.7, and 4.4.x before 4.4.beta4
Patches
Vulnerability mechanics
References
4- civicrm.org/advisory/civi-sa-2013-009-sql-injection-vulnerabilitynvdPatchVendor Advisory
- github.com/civicrm/civicrm-core/pull/1708.diffnvdPatch
- www.navixia.com/blog/entry/navixia-finds-critical-vulnerability-in-civicrm-cve-2013-5957.htmlnvdExploit
- www.navixia.com/company/navixia-news/395-navixia-finds-critical-vulnerability-in-civicrm.htmlnvd
News mentions
0No linked articles in our index yet.