Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2011-4559
Last Modified 29 Nov 2011 12:00:00
Published 28 Nov 2011 04:55:07
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-4559

Summary

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

Vulnerable Systems

Application

  • Vtiger Crm 1.0

  • Vtiger Crm 2.0

  • Vtiger Crm 2.0.1

  • Vtiger Crm 2.1

  • Vtiger Crm 3.0

  • Vtiger Crm 3.2

  • Vtiger Crm 4.0

  • Vtiger Crm 4.0.1

  • Vtiger Crm 4.2

  • Vtiger Crm 4.2.4

  • Vtiger Crm 5.0.2

  • Vtiger Crm 5.0.3

  • Vtiger Crm 5.0.4

  • Vtiger Crm 5.1.0

  • Vtiger Crm 5.2.0

  • Vtiger Crm 5.2.1


References

MISC - http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_blind_sqlin

XF - vtigercrm-index-sql-injection(70344)

BID - 49948

BUGTRAQ - 20111005 vTiger CRM 5.2.x <= Blind SQL Injection Vulnerability

OSVDB - 76138


Last Updated: 27 May 2016 10:57:49