Skip to main content

Instantcms CVE-2013-6839

HIGH
SQL Injection (CWE-89)
2013-12-13 cve@mitre.org
7.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:N/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Dec 13, 2013 - 18:07 cve.org
HIGH 7.5

DescriptionCVE.org

SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].

AnalysisAI

SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id]. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id]. Affected products include: Instantsoft Instantcms.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2013-10051 CRITICAL POC
9.3 Aug 01

A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() withi

CVE-2023-4188 CRITICAL POC
9.1 Aug 05

SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated critical severity (CVSS 9.1), this vulne

CVE-2024-31212 HIGH POC
7.2 Apr 04

InstantCMS is a free and open source content management system. Rated high severity (CVSS 7.2), this vulnerability is re

CVE-2023-4655 MEDIUM POC
6.1 Aug 31

Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CV

CVE-2018-14382 MEDIUM POC
6.1 Jul 18

InstantCMS 2.10.1 has /redirect?url= XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable,

CVE-2024-50348 MEDIUM POC
5.4 Oct 29

InstantCMS is a free and open source content management system. Rated medium severity (CVSS 5.4), this vulnerability is

CVE-2024-31213 MEDIUM POC
5.4 Apr 05

InstantCMS is a free and open source content management system. Rated medium severity (CVSS 5.4), this vulnerability is

CVE-2023-4878 MEDIUM POC
5.4 Sep 10

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (CV

CVE-2023-4652 MEDIUM POC
5.4 Aug 31

Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated medium severity (C

CVE-2023-4651 MEDIUM POC
5.4 Aug 31

Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CVSS 5

CVE-2023-4649 MEDIUM POC
5.4 Aug 31

Session Fixation in GitHub repository instantsoft/icms2 prior to 2.16.1. Rated medium severity (CVSS 5.4), this vulnerab

CVE-2023-4704 MEDIUM POC
4.9 Sep 01

External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. Rated me

Share

CVE-2013-6839 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy