Skip to main content

Enterprise Mrg CVE-2013-4461

HIGH
SQL Injection (CWE-89)
2013-12-23 secalert@redhat.com
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Dec 23, 2013 - 22:55 cve.org
HIGH 7.5

DescriptionCVE.org

SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."

AnalysisAI

SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator." Affected products include: Redhat Enterprise Mrg.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2013-1892 MEDIUM POC
6.0 Oct 01

MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate requests to the nativeHelper function in SpiderMo

CVE-2014-3673 HIGH POC
7.5 Nov 10

The SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (system

CVE-2014-3687 HIGH POC
7.5 Nov 10

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through

CVE-2020-10757 HIGH POC
7.8 Jun 09

A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pages. Rated high seve

CVE-2016-3699 HIGH POC
7.4 Oct 07

The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat Enterprise MRG 2 and when booted with UEFI Secure

CVE-2013-3301 HIGH POC
7.2 Apr 29

The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer

CVE-2012-2734 MEDIUM POC
6.8 Sep 28

Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messa

CVE-2019-3459 MEDIUM POC
6.5 Apr 11

A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. Rated

CVE-2013-1773 MEDIUM POC
6.2 Feb 28

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileg

CVE-2012-2681 MEDIUM POC
5.8 Sep 28

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random nu

CVE-2015-1350 MEDIUM POC
5.5 May 02

The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that undersp

CVE-2020-12826 MEDIUM POC
5.3 May 12

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Rated medium severi

Share

CVE-2013-4461 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy