Lucene search

[email protected]NVD:CVE-2011-4559

HistoryNov 28, 2011 - 9:55 p.m.

CVE-2011-4559

2011-11-2821:55:07

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.001

Percentile

45.1%

JSON

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

Affected configurations

Nvd

Node

vtigervtiger_crmRange≤5.2.1

vtigervtiger_crmMatch1.0

vtigervtiger_crmMatch2.0

vtigervtiger_crmMatch2.0.1

vtigervtiger_crmMatch2.1

vtigervtiger_crmMatch3.0

vtigervtiger_crmMatch3.0beta

vtigervtiger_crmMatch3.2

vtigervtiger_crmMatch4.0

vtigervtiger_crmMatch4.0.1

vtigervtiger_crmMatch4.2

vtigervtiger_crmMatch4.2validation

vtigervtiger_crmMatch4.2.4

vtigervtiger_crmMatch5.0.2

vtigervtiger_crmMatch5.0.3

vtigervtiger_crmMatch5.0.4

vtigervtiger_crmMatch5.0.4rc

vtigervtiger_crmMatch5.1.0

vtigervtiger_crmMatch5.1.0rc

vtigervtiger_crmMatch5.2.0

VendorProductVersionCPE
vtigervtiger_crm*cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*
vtigervtiger_crm1.0cpe:2.3:a:vtiger:vtiger_crm:1.0:*:*:*:*:*:*:*
vtigervtiger_crm2.0cpe:2.3:a:vtiger:vtiger_crm:2.0:*:*:*:*:*:*:*
vtigervtiger_crm2.0.1cpe:2.3:a:vtiger:vtiger_crm:2.0.1:*:*:*:*:*:*:*
vtigervtiger_crm2.1cpe:2.3:a:vtiger:vtiger_crm:2.1:*:*:*:*:*:*:*
vtigervtiger_crm3.0cpe:2.3:a:vtiger:vtiger_crm:3.0:*:*:*:*:*:*:*
vtigervtiger_crm3.0cpe:2.3:a:vtiger:vtiger_crm:3.0:beta:*:*:*:*:*:*
vtigervtiger_crm3.2cpe:2.3:a:vtiger:vtiger_crm:3.2:*:*:*:*:*:*:*
vtigervtiger_crm4.0cpe:2.3:a:vtiger:vtiger_crm:4.0:*:*:*:*:*:*:*
vtigervtiger_crm4.0.1cpe:2.3:a:vtiger:vtiger_crm:4.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vtiger	vtiger_crm	*	cpe:2.3:a:vtiger:vtiger_crm::::::::
vtiger	vtiger_crm	1.0	cpe:2.3:a:vtiger:vtiger_crm:1.0:::::::*
vtiger	vtiger_crm	2.0	cpe:2.3:a:vtiger:vtiger_crm:2.0:::::::*
vtiger	vtiger_crm	2.0.1	cpe:2.3:a:vtiger:vtiger_crm:2.0.1:::::::*
vtiger	vtiger_crm	2.1	cpe:2.3:a:vtiger:vtiger_crm:2.1:::::::*
vtiger	vtiger_crm	3.0	cpe:2.3:a:vtiger:vtiger_crm:3.0:::::::*
vtiger	vtiger_crm	3.0	cpe:2.3:a:vtiger:vtiger_crm:3.0:beta::::::
vtiger	vtiger_crm	3.2	cpe:2.3:a:vtiger:vtiger_crm:3.2:::::::*
vtiger	vtiger_crm	4.0	cpe:2.3:a:vtiger:vtiger_crm:4.0:::::::*
vtiger	vtiger_crm	4.0.1	cpe:2.3:a:vtiger:vtiger_crm:4.0.1:::::::*

Rows per page:

1-10 of 201

References

osvdb.org/76138

seclists.org/fulldisclosure/2011/Oct/224

www.securityfocus.com/archive/1/520006/100/0/threaded

www.securityfocus.com/bid/49948

yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_blind_sqlin

exchange.xforce.ibmcloud.com/vulnerabilities/70344

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.001

Percentile

45.1%

JSON

Related for NVD:CVE-2011-4559

exploitdb1 prion2 openvas1 cve2 cvelist2 nvd1