CVE-2013-3523

SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote to execute arbitrary SQL commands via vectors related to op=page&id= in the URL.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://freecode.com/projects/this/releases/353516
http://osvdb.org/91976
http://xforce.iss.net/xforce/xfdb/84168
https://exchange.xforce.ibmcloud.com/vulnerabilities/84168

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:gajennings:this::a::::::*
	cpe:2.3:a:gajennings:this:1.0.1:::::::*
	cpe:2.3:a:gajennings:this:1.0.2:::::::*
	cpe:2.3:a:gajennings:this:1.0.3:::::::*
	cpe:2.3:a:gajennings:this:1.0.4:::::::*
	cpe:2.3:a:gajennings:this:1.0.5:::::::*
	cpe:2.3:a:gajennings:this:1.0.6:::::::*
	cpe:2.3:a:gajennings:this:1.1.0:::::::*
	cpe:2.3:a:gajennings:this:1.1.1:::::::*
	cpe:2.3:a:gajennings:this:1.1.2:::::::*
	cpe:2.3:a:gajennings:this:1.1.3:::::::*
	cpe:2.3:a:gajennings:this:1.1.4:::::::*
	cpe:2.3:a:gajennings:this:1.1.5:::::::*
	cpe:2.3:a:gajennings:this:1.1.6:::::::*
	cpe:2.3:a:gajennings:this:1.1.7:::::::*
	cpe:2.3:a:gajennings:this:1.1.8:::::::*
	cpe:2.3:a:gajennings:this:1.2.0:::::::*
	cpe:2.3:a:gajennings:this:1.2.1:::::::*
	cpe:2.3:a:gajennings:this:1.2.2:::::::*
	cpe:2.3:a:gajennings:this:1.2.3:::::::*

History

No history.

Information

Published : 2013-05-10 21:55

Updated : 2022-03-16 16:15

NVD link : CVE-2013-3523

Mitre link : CVE-2013-3523

CVE.ORG link : CVE-2013-3523

JSON object : View

Products Affected

gajennings

this

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2013-3523", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-05-10T21:55:02.260", "references": [{"url": "http://freecode.com/projects/this/releases/353516", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/91976", "source": "cve@mitre.org"}, {"url": "http://xforce.iss.net/xforce/xfdb/84168", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84168", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote to execute arbitrary SQL commands via vectors related to op=page&id= in the URL."}, {"lang": "es", "value": "La vulnerabilidad de inyecci\u00f3n SQL en This HTML Is Simple (THIS) antes de la versi\u00f3n 1.2.4 permite la ejecuci\u00f3n remota de comandos SQL arbitrarios a trav\u00e9s de vectores relacionados con op=page&id= en la URL."}], "lastModified": "2022-03-16T16:15:10.477", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gajennings:this:*:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6999F7D-DB7F-4400-8AAC-703C835F03D0", "versionEndIncluding": "1.2.3"}, {"criteria": "cpe:2.3:a:gajennings:this:1.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A58B02A3-0FDC-446E-89A5-D5224B1C560B"}, {"criteria": "cpe:2.3:a:gajennings:this:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95BD9400-858D-478D-8459-8E9C40AD9812"}, {"criteria": "cpe:2.3:a:gajennings:this:1.0.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DB79424-50CA-4C43-9756-B0173CB7A2B6"}, {"criteria": "cpe:2.3:a:gajennings:this:1.0.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEA36F9F-2657-4C19-BCEB-7EF513A846A1"}, {"criteria": "cpe:2.3:a:gajennings:this:1.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7D6D64D-BDB7-4A74-9128-6B24B909E5A5"}, {"criteria": "cpe:2.3:a:gajennings:this:1.0.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44AD23C4-3B84-4612-B4F9-C65A2C58BBCB"}, {"criteria": "cpe:2.3:a:gajennings:this:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC873EF9-01DB-4909-9631-5C389A99248D"}, {"criteria": "cpe:2.3:a:gajennings:this:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82770F02-C6F9-419E-BBF4-66FA3589A847"}, {"criteria": "cpe:2.3:a:gajennings:this:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "84C8D6D5-2FD6-4B03-B6F6-B5F3A2F6662F"}, {"criteria": "cpe:2.3:a:gajennings:this:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A723610-BE89-4DC9-80A3-3A321D52AD13"}, {"criteria": "cpe:2.3:a:gajennings:this:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B734C790-0F22-43C0-934D-350C30327524"}, {"criteria": "cpe:2.3:a:gajennings:this:1.1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "642FE0E4-070A-497B-B333-3A3962D1B294"}, {"criteria": "cpe:2.3:a:gajennings:this:1.1.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B0F58EAB-CA66-423D-997E-D841EBE714FA"}, {"criteria": "cpe:2.3:a:gajennings:this:1.1.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CE19C5A-A008-48BD-BAF6-91C855DA6794"}, {"criteria": "cpe:2.3:a:gajennings:this:1.1.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B9FE67C-9F83-42D5-8950-25FDD1CE493A"}, {"criteria": "cpe:2.3:a:gajennings:this:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B11D0FB-22C8-46EE-BD7F-C0EB6487D6D5"}, {"criteria": "cpe:2.3:a:gajennings:this:1.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3DE3BFBF-C99A-4FB3-BFBF-1698E7E435CD"}, {"criteria": "cpe:2.3:a:gajennings:this:1.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CA9F302D-ABED-40ED-B8E6-50C493FDD2F5"}, {"criteria": "cpe:2.3:a:gajennings:this:1.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55A2D453-8362-43BC-9240-6BBACF8A1C6A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}