CVE-2013-3932 - Vulnerability Details - OpenCVE

ReportizFlow

SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the "Business Manager" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Jomres	Jomres

Configuration 1 [-]

cpe:2.3:a:jomres:jomres:*:*:*:*:*:joomla\!:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/61635
https://exchange.xforce.ibmcloud.com/vulnerabilities/86252
https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2020-01-02T19:26:30

Updated: 2024-08-06T16:22:01.474Z

Reserved: 2013-06-04T00:00:00

Link: CVE-2013-3932

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-01-02T20:15:13.350

Modified: 2024-11-21T01:54:33.913

Link: CVE-2013-3932

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Jomres component for Joomla!", "vendor": "Jomres", "versions": [{"status": "affected", "version": "before 7.3.1"}]}], "datePublic": "2013-08-06T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the \"Business Manager\" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php."}], "problemTypes": [{"descriptions": [{"description": "SQL Injection", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-02T19:26:30", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.securityfocus.com/bid/61635"}, {"tags": ["x_refsource_MISC"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86252"}, {"tags": ["x_refsource_MISC"], "url": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2013-3932", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Jomres component for Joomla!", "version": {"version_data": [{"version_value": "before 7.3.1"}]}}]}, "vendor_name": "Jomres"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the \"Business Manager\" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "SQL Injection"}]}]}, "references": {"reference_data": [{"name": "http://www.securityfocus.com/bid/61635", "refsource": "MISC", "url": "http://www.securityfocus.com/bid/61635"}, {"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86252", "refsource": "MISC", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86252"}, {"name": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html", "refsource": "MISC", "url": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:22:01.474Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.securityfocus.com/bid/61635"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86252"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-3932", "datePublished": "2020-01-02T19:26:30", "dateReserved": "2013-06-04T00:00:00", "dateUpdated": "2024-08-06T16:22:01.474Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:jomres:jomres:*:*:*:*:*:joomla\\!:*:*", "matchCriteriaId": "7ECF0614-9DF5-4B51-B699-3F486463E37B", "versionEndExcluding": "7.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the Jomres (com_jomres) component before 7.3.1 for Joomla! allows remote authenticated users with the \"Business Manager\" permission to execute arbitrary SQL commands via the id parameter in an editProfile action to administrator/index.php."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el componente Jomres (com_jomres) versiones anteriores a la versi\u00f3n 7.3.1 para Joomla!, permite a usuarios autenticados remotos con el permiso \"Business Manager\" ejecutar comandos SQL arbitrarios por medio del par\u00e1metro id en una acci\u00f3n editProfile en el archivo administrator/index.php."}], "id": "CVE-2013-3932", "lastModified": "2024-11-21T01:54:33.913", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2020-01-02T20:15:13.350", "references": [{"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/61635"}, {"source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86252"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/61635"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86252"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.joomlacorner.com/joomla-news/joomla-vulnerability-news/834-joomla-jomres-component-script-insertion-and-sql-injection-vulnerabilities.html"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Primary"}]}