How severe is CVE-2013-10023?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2013-10023?

This is classified as CWE-89, which is a common weakness in software security.

CVE-2013-10023

CRITICAL Year: 2013

CVSS v3 Score

9.8

Critical

CVSS v2 Score

6.5

Medium

Weakness Type

CWE-89

View all →

Vulnerability Description

A vulnerability was found in Editorial Calendar Plugin up to 2.6 on WordPress. It has been declared as critical. Affected by this vulnerability is the function edcal_filter_where of the file edcal.php. The manipulation of the argument edcal_startDate/edcal_endDate leads to sql injection. The attack can be launched remotely. Upgrading to version 2.7 is able to address this issue. The patch is named a9277f13781187daee760b4dfd052b1b68e101cc. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-225151.

CVE-2005-4891

CRITICAL

CVSS:9.8(Critical)

Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL injection vulnerability that allows remote attackers to inject arbitrary SQL statements.

CWE-892005

CVE-2006-5603

CRITICAL

CVSS:9.8(Critical)

SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 3.4.06 allows remote attackers to execute arbitrary SQL commands via the RC parameter. NOTE: the provenance of this information is unkn...

CWE-892006

CVE-2007-10002

CRITICAL

CVSS:9.8(Critical)

A vulnerability, which was classified as critical, has been found in web-cyradm. Affected by this issue is some unknown functionality of the file auth.inc.php. The manipulation of the argument login/l...

CWE-892007

CVE-2007-2534

CRITICAL

CVSS:9.8(Critical)

Multiple SQL injection vulnerabilities in admin.php in phpHoo3 allow remote attackers to execute arbitrary SQL commands via the (1) ADMIN_USER (USER) and (2) ADMIN_PASS (PASS) parameters during a logi...

CWE-892007

CVE-2007-3652

CRITICAL

CVSS:9.8(Critical)

SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same iss...

CWE-892007

CVE-2008-10003

CRITICAL

CVSS:9.8(Critical)

A vulnerability was found in iGamingModules flashgames 1.1.0. It has been classified as critical. Affected is an unknown function of the file game.php. The manipulation of the argument lid leads to sq...

CWE-892008

CVE-2013-10023

Vulnerability Description

Related Vulnerabilities

CVE-2005-4891

CVE-2006-5603

CVE-2007-10002

CVE-2007-2534

CVE-2007-3652

CVE-2008-10003