ID

VAR-201307-0411


CVE

CVE-2013-4748


TITLE

SQL injection vulnerability in the News system extension for TYPO3

Trust: 0.8

sources: JVNDB: JVNDB-2013-003188

DESCRIPTION

SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

MSM camera driver for the Linux kernel is a Qualcomm platform camera driver project based on the Linux kernel. A stack-based buffer overflow vulnerability exists in the MSM camera driver used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products. An attacker could exploit this vulnerability to gain elevated privileges when processing parameters passed to the VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO or VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl subdev handlers.

TYPO3 is a free and open source content management system (framework) (CMS/CMF) maintained by the Swiss TYPO3 Association. News system (news) is one of the extended components that provides news release functions.

Trust: 1.89

sources: NVD: CVE-2013-4748 // JVNDB: JVNDB-2013-003188 // VULHUB: VHN-64741 // VULHUB: VHN-64740 // VULHUB: VHN-64750

AFFECTED PRODUCTS

vendor: georg ringer, model: news, scope: lte, version: 1.3.2

Trust: 1.0

vendor: georg ringer, model: news system, scope: lt, version: 1.3.3

Trust: 0.8

vendor: georg ringer, model: news, scope: eq, version: 1.3.2

Trust: 0.6

sources: JVNDB: JVNDB-2013-003188 // CNNVD: CNNVD-201307-007 // NVD: CVE-2013-4748

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-4748
value: HIGH

Trust: 1.0

NVD: CVE-2013-4748
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201307-007
value: HIGH

Trust: 0.6

VULHUB: VHN-64741
value: MEDIUM

Trust: 0.1

VULHUB: VHN-64740
value: HIGH

Trust: 0.1

VULHUB: VHN-64750
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-4748
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-64741
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:C/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-64740
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

VULHUB: VHN-64750
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-64741 // VULHUB: VHN-64740 // VULHUB: VHN-64750 // JVNDB: JVNDB-2013-003188 // CNNVD: CNNVD-201307-007 // NVD: CVE-2013-4748

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

problemtype: CWE-200

Trust: 0.1

problemtype: CWE-119

Trust: 0.1

sources: VULHUB: VHN-64741 // VULHUB: VHN-64740 // VULHUB: VHN-64750 // JVNDB: JVNDB-2013-003188 // NVD: CVE-2013-4748

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-007

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201307-007

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003188

PATCH

title: News system, url: http://typo3.org/extensions/repository/view/news

Trust: 0.8

title: TYPO3-EXT-SA-2013-001, url: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/

Trust: 0.8

sources: JVNDB: JVNDB-2013-003188

EXTERNAL IDS

db: NVD, id: CVE-2013-4748

Trust: 2.7

db: OSVDB, id: 89134

Trust: 1.7

db: JVNDB, id: JVNDB-2013-003188

Trust: 0.8

db: CNNVD, id: CNNVD-201307-007

Trust: 0.7

db: OPENWALL, id: OSS-SECURITY/2013/10/15/4

Trust: 0.2

db: BID, id: 63264

Trust: 0.1

db: CNNVD, id: CNNVD-201310-659

Trust: 0.1

db: VULHUB, id: VHN-64741

Trust: 0.1

db: CNNVD, id: CNNVD-201310-658

Trust: 0.1

db: PACKETSTORM, id: 123704

Trust: 0.1

db: BID, id: 63263

Trust: 0.1

db: VULHUB, id: VHN-64740

Trust: 0.1

db: VULHUB, id: VHN-64750

Trust: 0.1

sources: VULHUB: VHN-64741 // VULHUB: VHN-64740 // VULHUB: VHN-64750 // JVNDB: JVNDB-2013-003188 // CNNVD: CNNVD-201307-007 // NVD: CVE-2013-4748

REFERENCES

url: http://typo3.org/extensions/repository/view/news

Trust: 1.7

url: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/

Trust: 1.7

url: http://osvdb.org/89134

Trust: 1.7

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/81192

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4748

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4748

Trust: 0.8

url: https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739

Trust: 0.2

url: http://www.openwall.com/lists/oss-security/2013/10/15/4

Trust: 0.2

sources: VULHUB: VHN-64741 // VULHUB: VHN-64740 // VULHUB: VHN-64750 // JVNDB: JVNDB-2013-003188 // CNNVD: CNNVD-201307-007 // NVD: CVE-2013-4748

SOURCES

db: VULHUB, id: VHN-64741
db: VULHUB, id: VHN-64740
db: VULHUB, id: VHN-64750
db: JVNDB, id: JVNDB-2013-003188
db: CNNVD, id: CNNVD-201307-007
db: NVD, id: CVE-2013-4748

LAST UPDATE DATE

2024-11-23T22:31:20.878000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-64741, date: 2014-02-07T00:00:00
db: VULHUB, id: VHN-64740, date: 2014-02-21T00:00:00
db: VULHUB, id: VHN-64750, date: 2017-08-29T00:00:00
db: JVNDB, id: JVNDB-2013-003188, date: 2013-07-03T00:00:00
db: CNNVD, id: CNNVD-201307-007, date: 2013-08-02T00:00:00
db: NVD, id: CVE-2013-4748, date: 2024-11-21T01:56:18.273

SOURCES RELEASE DATE

db: VULHUB, id: VHN-64741, date: 2014-02-03T00:00:00
db: VULHUB, id: VHN-64740, date: 2014-02-03T00:00:00
db: VULHUB, id: VHN-64750, date: 2013-07-01T00:00:00
db: JVNDB, id: JVNDB-2013-003188, date: 2013-07-03T00:00:00
db: CNNVD, id: CNNVD-201307-007, date: 2013-07-03T00:00:00
db: NVD, id: CVE-2013-4748, date: 2013-07-01T23:55:01.123