CVE-2013-5697

high

Published 2013-09-30 · Modified 2026-04-29

CVSS v3

—

CVSS v2

7.5

VIR risk

7.5

Description

SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions
simone_tellini	mod_accounting	`{"endIncluding":"0.5"}`
apache	http_server	`1.3`
apache	http_server	`1.3.0`
apache	http_server	`1.3.1`
apache	http_server	`1.3.1.1`
apache	http_server	`1.3.2`
apache	http_server	`1.3.3`
apache	http_server	`1.3.4`
apache	http_server	`1.3.5`
apache	http_server	`1.3.6`
apache	http_server	`1.3.7`
apache	http_server	`1.3.8`
apache	http_server	`1.3.9`
apache	http_server	`1.3.10`
apache	http_server	`1.3.11`
apache	http_server	`1.3.12`
apache	http_server	`1.3.13`
apache	http_server	`1.3.14`
apache	http_server	`1.3.15`
apache	http_server	`1.3.16`
apache	http_server	`1.3.17`
apache	http_server	`1.3.18`
apache	http_server	`1.3.19`
apache	http_server	`1.3.20`
apache	http_server	`1.3.22`
apache	http_server	`1.3.23`
apache	http_server	`1.3.24`
apache	http_server	`1.3.25`
apache	http_server	`1.3.26`
apache	http_server	`1.3.27`
apache	http_server	`1.3.28`
apache	http_server	`1.3.29`
apache	http_server	`1.3.30`
apache	http_server	`1.3.31`
apache	http_server	`1.3.32`
apache	http_server	`1.3.33`
apache	http_server	`1.3.34`
apache	http_server	`1.3.35`
apache	http_server	`1.3.36`
apache	http_server	`1.3.37`
apache	http_server	`1.3.38`
apache	http_server	`1.3.39`
apache	http_server	`1.3.41`
apache	http_server	`1.3.42`
apache	http_server	`1.3.65`
apache	http_server	`1.3.68`

References

CWEs

CWE-89

Verify integrity in audit chain (admin only). AS-IS.