Lucene search
HistoryNov 28, 2011 - 9:55 p.m.
CVE-2011-4559
cve-2011-4559
sql injection
vtiger crm
calendar module
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.6 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.2%
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.
Affected configurations
Node
vtigervtiger_crmRange≤5.2.1
ORvtigervtiger_crmMatch1.0
ORvtigervtiger_crmMatch2.0
ORvtigervtiger_crmMatch2.0.1
ORvtigervtiger_crmMatch2.1
ORvtigervtiger_crmMatch3.0
ORvtigervtiger_crmMatch3.0beta
ORvtigervtiger_crmMatch3.2
ORvtigervtiger_crmMatch4.0
ORvtigervtiger_crmMatch4.0.1
ORvtigervtiger_crmMatch4.2
ORvtigervtiger_crmMatch4.2validation
ORvtigervtiger_crmMatch4.2.4
ORvtigervtiger_crmMatch5.0.2
ORvtigervtiger_crmMatch5.0.3
ORvtigervtiger_crmMatch5.0.4
ORvtigervtiger_crmMatch5.0.4rc
ORvtigervtiger_crmMatch5.1.0
ORvtigervtiger_crmMatch5.1.0rc
ORvtigervtiger_crmMatch5.2.0
Related
nvd
nvd
CVE-2011-4559
2011-11-28 21:55:07
CVE-2013-5091
2013-10-04 20:55:03
prion
prion
Sql injection
2011-11-28 21:55:00
Sql injection
2013-10-04 20:55:00
openvas
openvas
vtiger CRM 'onlyforuser' Parameter SQL Injection Vulnerability
2011-10-06 00:00:00
cvelist
cvelist
CVE-2011-4559
2011-11-28 21:00:00
CVE-2013-5091
2022-10-03 16:14:56
cve
cve
CVE-2013-5091
2022-10-03 16:14:56
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.6 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.2%
Related for CVE-2011-4559