Security Advisory

CVE-2013-4662

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-01-29 18:00:00

Last updated 2024-08-06 16:52:26

Assigner mitre

State PUBLISHED

Description

The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.

← Browse all CVEs View on cve.org ↗