CVE-2013-2018

9.8 CRITICAL

📋 TL;DR

Multiple SQL injection vulnerabilities in BOINC (Berkeley Open Infrastructure for Network Computing) allow remote attackers to execute arbitrary SQL commands via unspecified vectors. This affects BOINC servers running vulnerable versions, potentially compromising the entire database and server.

💻 Affected Systems

Products:
  • BOINC (Berkeley Open Infrastructure for Network Computing)
Versions: All releases prior to the fix (specific version numbers not provided in references)
Operating Systems: All platforms running BOINC
Default Config Vulnerable: ⚠️ Yes
Notes: Affects BOINC server components that handle user input without proper sanitization.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise, resulting in data theft, data manipulation, or full server takeover if the SQL injection is escalated to remote code execution.

🟠 Likely Case

Database information disclosure, data corruption, or privilege escalation through SQL injection attacks.

🟢 If Mitigated

Limited impact with proper input validation, parameterized queries, and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities typically have low exploitation complexity when details are known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched versions released in 2013 (specific version not specified in provided references)

Vendor Advisory: http://www.openwall.com/lists/oss-security/2013/04/28/3

Restart Required: Yes

Instructions:

1. Check current BOINC version.
2. Update to the latest patched version from official BOINC repositories.
3. Restart BOINC services.

🔧 Temporary Workarounds

Input Validation and Sanitization

all

Implement strict input validation and parameterized queries for all user inputs.

Web Application Firewall

all

Deploy WAF with SQL injection protection rules.

🧯 If You Can't Patch

  • Implement network segmentation to isolate BOINC servers from critical systems
  • Deploy database activity monitoring and intrusion detection systems

🔍 How to Verify

Check if Vulnerable:

Check BOINC version against known vulnerable versions from 2013 timeframe

Check Version:

boinc --version or check BOINC web interface version

Verify Fix Applied:

Verify BOINC version is updated to post-2013 patched releases

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL query patterns in database logs
  • Multiple failed login attempts with SQL-like syntax

Network Indicators:

  • Unusual database connection patterns
  • SQL error messages in HTTP responses

SIEM Query:

SELECT * FROM logs WHERE message LIKE '%SQL%' OR message LIKE '%injection%' OR message LIKE '%UNION%'
