Vulnerability Details CVE-2005-3822
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.4%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=full-disclosure&m=113290708121951&w=2
- http://secunia.com/advisories/17693
- http://securityreason.com/securityalert/203
- http://securitytracker.com/id?1015274
- http://www.securityfocus.com/archive/1/417711/30/0/threaded
- http://www.securityfocus.com/bid/15569
- http://www.vupen.com/english/advisories/2005/2569
- http://marc.info/?l=full-disclosure&m=113290708121951&w=2
- http://secunia.com/advisories/17693
- http://securityreason.com/securityalert/203
- http://securitytracker.com/id?1015274
- http://www.securityfocus.com/archive/1/417711/30/0/threaded
- http://www.securityfocus.com/bid/15569
- http://www.vupen.com/english/advisories/2005/2569
Products affected by CVE-2005-3822
-
cpe:2.3:a:vtiger:vtiger_crm:1.0
-
cpe:2.3:a:vtiger:vtiger_crm:2.0
-
cpe:2.3:a:vtiger:vtiger_crm:2.0.1
-
cpe:2.3:a:vtiger:vtiger_crm:2.1
-
cpe:2.3:a:vtiger:vtiger_crm:3.0
-
cpe:2.3:a:vtiger:vtiger_crm:3.2
-
cpe:2.3:a:vtiger:vtiger_crm:4
-
cpe:2.3:a:vtiger:vtiger_crm:4.0
-
cpe:2.3:a:vtiger:vtiger_crm:4.0.1
-
cpe:2.3:a:vtiger:vtiger_crm:4.2