{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-23T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "102414", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/102414"}, {"name": "65104", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65104"}, {"name": "VU#869702", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/869702"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2013-7175", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "102414", "refsource": "OSVDB", "url": "http://osvdb.org/102414"}, {"name": "65104", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65104"}, {"name": "VU#869702", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/869702"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T18:01:20.016Z"}, "title": "CVE Program Container", "references": [{"name": "102414", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/102414"}, {"name": "65104", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65104"}, {"name": "VU#869702", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/869702"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2013-7175", "datePublished": "2014-01-24T02:00:00", "dateReserved": "2013-12-19T00:00:00", "dateUpdated": "2024-08-06T18:01:20.016Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DE8CB46-0F31-47DB-830B-F1B2D54A1908", "versionEndIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0CEDF50-8532-47AC-B43E-28E35AC16B63", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "1DC73879-2D57-40AB-9024-62EFB838B218", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F17616D2-A648-47B6-9A38-4E57FEF4C843", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "36AB6000-73F5-457E-BA9C-3CF1E6DA05EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "DEFDF49F-FDA8-406F-AA0A-2AC678D48C9E", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "FEB69F82-5412-400C-A4F8-607668C8E6E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "F1F42750-1518-4FD3-9EA1-CBE5087DF27C", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "5996B9F0-D887-42CB-966B-2031AE527CB7", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.6:*:*:*:*:*:*:*", "matchCriteriaId": "D21BF557-72EB-4F68-BAC8-D8FF27EFF0BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.7:*:*:*:*:*:*:*", "matchCriteriaId": "37C12054-3B53-4361-8674-A304025FAC4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.8:*:*:*:*:*:*:*", "matchCriteriaId": "6F260636-B840-4222-9F72-5BEE299AC227", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "44749927-5B8A-4EF4-B751-067D0D950B8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "A053F737-8C20-4AE4-B7F3-16B775B00D4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:3.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "A798DC0B-0D62-45A6-8620-32D961BF1176", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "EE4E4666-DADC-49B8-9B3A-741A60752DAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:3.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "EEDF6DD4-7B84-4F9F-94C3-B16BE4341EDC", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "6A4FF62A-1118-4F60-B099-0C536D2E6551", "vulnerable": true}, {"criteria": "cpe:2.3:a:avanset:visual_certexam_manager:3.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "FCD93517-1417-4E35-A0AA-39B5B5B502F5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) Candidate Name field."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Avanset CertExam Visual Manager 3.3 y anteriores permiten a usuarios remotos autenticados ejecutar comandos SQL a trav\u00e9s del (1) campo T\u00edtulo, (2) campo nombre de fichero , o (3) Campo Nombre de Candidato"}], "id": "CVE-2013-7175", "lastModified": "2024-11-21T02:00:26.200", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-24T04:38:09.637", "references": [{"source": "cret@cert.org", "url": "http://osvdb.org/102414"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/869702"}, {"source": "cret@cert.org", "url": "http://www.securityfocus.com/bid/65104"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102414"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/869702"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65104"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}