SQL Injection Vulnerability in CiviCRM Quick Search API

SQL Injection Vulnerability in CiviCRM Quick Search API

CVE-2013-4662 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.