CVE-2013-3081

high

Published 2014-06-09 · Modified 2026-05-06

CVSS v3

—

CVSS v2

7.5

VIR risk

7.5

Description

SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://github.com/JojoCMS/Jojo-CMS/commit/972757c4500d94b4b1306bf092e678add3a987d8

Application impact

Vendor	Product	Versions
jojocms	jojo-cms	`{"endIncluding":"1.2.1"}`
jojocms	jojo-cms	`1.1`
jojocms	jojo-cms	`1.2`

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/84285
https://github.com/JojoCMS/Jojo-CMS/commit/972757c4500d94b4b1306bf092e678add3a987d8
https://www.htbridge.com/advisory/HTB23153
https://exchange.xforce.ibmcloud.com/vulnerabilities/84285
https://github.com/JojoCMS/Jojo-CMS/commit/972757c4500d94b4b1306bf092e678add3a987d8
https://www.htbridge.com/advisory/HTB23153

CWEs

CWE-89

Verify integrity in audit chain (admin only). AS-IS.