Vulmon
civicrm civicrm 4.2.8 vulnerabilities and exploits
NA
CVE-2013-4662
The Quick Search API in CiviCRM 4.2.0 up to and including 4.2.9 and 4.3.0 up to and including 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to conta...
Civicrm Civicrm 4.2.8
Civicrm Civicrm 4.2.9
Civicrm Civicrm 4.3.1
Civicrm Civicrm 4.2.5
Civicrm Civicrm 4.2.7
Civicrm Civicrm 4.3.3
Civicrm Civicrm 4.2.0
Civicrm Civicrm 4.2.1
Civicrm Civicrm 4.2.2
Civicrm Civicrm 4.3.0
Civicrm Civicrm 4.3.2
Civicrm Civicrm 4.2.4
Civicrm Civicrm 4.2.6
NA
CVE-2013-5957
Multiple SQL injection vulnerabilities in CRM/Core/Page/AJAX/Location.php in CiviCRM prior to 4.2.12, 4.3.x prior to 4.3.7, and 4.4.x prior to 4.4.beta4 allow remote malicious users to execute arbitrary SQL commands via the _value parameter to (1) ajax/jqState or (2) ajax/jqcount...
Civicrm Civicrm 4.4.0
Civicrm Civicrm 4.4
Civicrm Civicrm
Civicrm Civicrm 4.2.10
Civicrm Civicrm 4.2.5
Civicrm Civicrm 4.2.4
Civicrm Civicrm 4.2.2
Civicrm Civicrm 4.2.1
Civicrm Civicrm 4.2.9
Civicrm Civicrm 4.2.7
Civicrm Civicrm 4.2.8
Civicrm Civicrm 4.2.6
Civicrm Civicrm 4.2.0
Civicrm Civicrm 4.3.3
Civicrm Civicrm 4.3.4
Civicrm Civicrm 4.3.5
Civicrm Civicrm 4.3.6
Civicrm Civicrm 4.3.1
Civicrm Civicrm 4.3.0
Civicrm Civicrm 4.3.2
NA
CVE-2013-1636
Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in Open Flash Chart (aka Open-Flash Chart), as used in the Pretty Link Lite plugin prior to 1.6.3 for WordPress, JNews (com_jnews) component 8.0.1 for Joomla!, and CiviCRM 3.1.0 up to and including 4.2.9 and 4.3.0 u...
Blair Williams Pretty Link Lite 1.6.0
Blair Williams Pretty Link Lite 1.6.1
Blair Williams Pretty Link Lite
Joobi Com Jnews 8.0.1
Civicrm Civicrm 4.3.1
Civicrm Civicrm 3.1.1
Civicrm Civicrm 3.1.2
Civicrm Civicrm 3.2.2
Civicrm Civicrm 3.2.3
Civicrm Civicrm 3.3.6
Civicrm Civicrm 3.4.0
Civicrm Civicrm 4.1.5
Civicrm Civicrm 4.1.6
Civicrm Civicrm 4.2.7
Civicrm Civicrm 4.2.8
Civicrm Civicrm 4.3.3
Civicrm Civicrm 3.1.0
Civicrm Civicrm 3.2.0
Civicrm Civicrm 3.2.1
Civicrm Civicrm 3.3.3
Civicrm Civicrm 3.3.5
Civicrm Civicrm 4.1.3
1 EDB exploit
NA
CVE-2013-4661
CiviCRM 2.0.0 up to and including 4.2.9 and 4.3.0 up to and including 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with the "access CiviCRM" permission to bypass intend...
Civicrm Civicrm 2.0.0
Civicrm Civicrm 2.2.1
Civicrm Civicrm 2.2.2
Civicrm Civicrm 2.2.3
Civicrm Civicrm 2.2.5
Civicrm Civicrm 3.1.4
Civicrm Civicrm 3.1.5
Civicrm Civicrm 3.1.6
Civicrm Civicrm 3.2.0
Civicrm Civicrm 4.3.1
Civicrm Civicrm 4.3.2
Civicrm Civicrm 4.3.3
Civicrm Civicrm 4.0.5
Civicrm Civicrm 4.2.7
Civicrm Civicrm 4.2.8
Civicrm Civicrm 4.2.9
Civicrm Civicrm 2.0.1
Civicrm Civicrm 2.0.3
Civicrm Civicrm 2.1.2
Civicrm Civicrm 2.1.6
Civicrm Civicrm 2.2.7
Civicrm Civicrm 2.2.9