Vulners
Lucene search
vtiger CRM 5.4.0 SQL Injection Vulnerability
| Reporter | Title | Published | Views | Family All 13 |
|---|---|---|---|---|
 | CVE-2013-5091 | 4 Oct 201320:00 | – | cve |
 | CVE-2013-5091 | 4 Oct 201320:00 | – | cvelist |
 | vTiger CRM 5.4.0 - 'index.php?onlyforuser' SQL Injection | 20 Sep 201300:00 | – | exploitdb |
 | EUVD-2013-4933 | 7 Oct 202500:30 | – | euvd |
 | vTiger CRM 5.4.0 - index.php?onlyforuser SQL Injection | 20 Sep 201300:00 | – | exploitpack |
 | SQL Injection in vtiger CRM | 7 Aug 201300:00 | – | htbridge |
 | CVE-2013-5091 | 4 Oct 201320:55 | – | nvd |
 | Vtiger CRM <= 5.4.0 Multiple Vulnerabilities | 3 Jan 201400:00 | – | openvas |
 | vtiger CRM 5.4.0 SQL Injection | 18 Sep 201300:00 | – | packetstorm |
 | Sql injection | 4 Oct 201320:55 | – | prion |
10
Product: vtiger CRM
Vendor: vtiger
Vulnerable Version(s): 5.4.0 and probably prior
Tested Version: 5.4.0
Vendor Notification: August 7, 2013
Vendor Patch: September 17, 2013
Public Disclosure: September 18, 2013
Vulnerability Type: SQL Injection [CWE-89]
CVE Reference: CVE-2013-5091
Risk Level: Medium
CVSSv2 Base Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Solution Status: Fixed by Vendor
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )
-----------------------------------------------------------------------------------------------
Advisory Details:
High-Tech Bridge Security Research Lab discovered SQL injection vulnerability in vtiger CRM, which can be exploited to execute arbitrary SQL commands in application's database.
1) SQL Injection in vtiger CRM: CVE-2013-5091
The vulnerability exists due to insufficient validation of "onlyforuser" HTTP GET parameter passed to "/index.php" script. A remote authenticated user can execute arbitrary SQL commands in application's database.
The following exploitation example displays version of MySQL server:
http://[host]/index.php?action=index&day=22&hour=0&module=Calendar&month=7&onlyforuser=1%20%20UNION%20SELECT%201,2,3,4,5,6,version%28%29,8,9,10,11,12,13,14,15,16,17,18,19,20,1,22,23,24,25,26,27,28,29,30,31,32%20--%20&parenttab=My%20Home%20Page&subtab=event&view=day&viewOption=hourview&year=2013
Successful exploitation of this vulnerability requires the attacker to be registered and logged-in. The registration is disabled by default.
-----------------------------------------------------------------------------------------------
Solution:
Vendor has issued a fixed version of the vulnerable script "VtigerCRM540_Security_Patch2.zip" available for download at:
http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.4.0/Core%20Product/
-----------------------------------------------------------------------------------------------
# 0day.today [2018-01-11] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Sep 2013 00:00Current
8.1High risk
Vulners AI Score8.1
EPSS0.00353