SQL Injection Vulnerability in CiviCRM Quick Search API
CVE-2013-4662 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:P/A:P
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.
Learn more about our Cis Benchmark Audit For Microsoft Sql Server.