Vulnerability Description
SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simpilotgroup | Pop Up News | 2.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/53033 (Vendor Advisory)
- http://www.exploit-db.com/exploits/24960
- http://www.osvdb.org/92328
- http://www.securityfocus.com/bid/59057 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83423
- https://github.com/DavidJClark/phpVMS-PopUpNews/commit/5cadf9cbf4d0872a879666ea5
- https://github.com/DavidJClark/phpVMS-PopUpNews/commit/efaffa04ef87db1722d69ac7b
FAQ
What is CVE-2013-3524?
CVE-2013-3524 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: t...
How severe is CVE-2013-3524?
CVE-2013-3524 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3524?
Check the references section above for vendor advisories and patch information. Affected products include: Simpilotgroup Pop Up News.