Lucene search
HistoryOct 04, 2013 - 8:55 p.m.
CVE-2013-5091
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.002
Percentile
53.3%
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
Affected configurations
Node
vtigervtiger_crmRange≤5.4.0
ORvtigervtiger_crmMatch1.0
ORvtigervtiger_crmMatch2.0
ORvtigervtiger_crmMatch2.0.1
ORvtigervtiger_crmMatch2.1
ORvtigervtiger_crmMatch3.0
ORvtigervtiger_crmMatch3.0beta
ORvtigervtiger_crmMatch3.2
ORvtigervtiger_crmMatch4
ORvtigervtiger_crmMatch4beta
ORvtigervtiger_crmMatch4betait
ORvtigervtiger_crmMatch4rc1
ORvtigervtiger_crmMatch4.0
ORvtigervtiger_crmMatch4.0.1
ORvtigervtiger_crmMatch4.2
ORvtigervtiger_crmMatch4.2validation
ORvtigervtiger_crmMatch4.2patch1
ORvtigervtiger_crmMatch4.2.4
ORvtigervtiger_crmMatch5.0.0
ORvtigervtiger_crmMatch5.0.2
ORvtigervtiger_crmMatch5.0.3
ORvtigervtiger_crmMatch5.0.4
ORvtigervtiger_crmMatch5.0.4rc
ORvtigervtiger_crmMatch5.1.0
ORvtigervtiger_crmMatch5.1.0rc
ORvtigervtiger_crmMatch5.2.0
ORvtigervtiger_crmMatch5.2.1
ORvtigervtiger_crmMatch5.3.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| vtiger | vtiger_crm | * | cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:* |
| vtiger | vtiger_crm | 1.0 | cpe:2.3:a:vtiger:vtiger_crm:1.0:*:*:*:*:*:*:* |
| vtiger | vtiger_crm | 2.0 | cpe:2.3:a:vtiger:vtiger_crm:2.0:*:*:*:*:*:*:* |
| vtiger | vtiger_crm | 2.0.1 | cpe:2.3:a:vtiger:vtiger_crm:2.0.1:*:*:*:*:*:*:* |
| vtiger | vtiger_crm | 2.1 | cpe:2.3:a:vtiger:vtiger_crm:2.1:*:*:*:*:*:*:* |
| vtiger | vtiger_crm | 3.0 | cpe:2.3:a:vtiger:vtiger_crm:3.0:*:*:*:*:*:*:* |
| vtiger | vtiger_crm | 3.0 | cpe:2.3:a:vtiger:vtiger_crm:3.0:beta:*:*:*:*:*:* |
| vtiger | vtiger_crm | 3.2 | cpe:2.3:a:vtiger:vtiger_crm:3.2:*:*:*:*:*:*:* |
| vtiger | vtiger_crm | 4 | cpe:2.3:a:vtiger:vtiger_crm:4:*:*:*:*:*:*:* |
| vtiger | vtiger_crm | 4 | cpe:2.3:a:vtiger:vtiger_crm:4:beta:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2013-5091
2013-10-04 20:00:00
CVE-2011-4559
2011-11-28 21:00:00
prion
prion
Sql injection
2013-10-04 20:55:00
Sql injection
2011-11-28 21:55:00
cve
cve
CVE-2013-5091
2013-10-04 20:55:03
CVE-2011-4559
2011-11-28 21:55:07
exploitdb
exploitdb
vTiger CRM 5.4.0 - 'index.php?onlyforuser' SQL Injection
2013-09-20 00:00:00
vTiger CRM 5.2 - 'onlyforuser' SQL Injection
2011-10-15 00:00:00
exploitpack
exploitpack
vTiger CRM 5.4.0 - index.php?onlyforuser SQL Injection
2013-09-20 00:00:00
securityvulns
securityvulns
SQL Injection in vtiger CRM
2013-10-03 00:00:00
openvas
openvas
vTiger CRM Cross Site Scripting and SQL Injection Vulnerabilities
2014-01-03 00:00:00
vtiger CRM 'onlyforuser' Parameter SQL Injection Vulnerability
2011-10-06 00:00:00
htbridge
htbridge
SQL Injection in vtiger CRM
2013-08-07 00:00:00
packetstorm
packetstorm
vtiger CRM 5.4.0 SQL Injection
2013-09-18 00:00:00
zdt
zdt
vtiger CRM 5.4.0 SQL Injection Vulnerability
2013-09-19 00:00:00
nvd
nvd
CVE-2011-4559
2011-11-28 21:55:07
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.002
Percentile
53.3%
Related for NVD:CVE-2013-5091