CVE-2011-4559 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2011-4559

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

Published: Nov 28, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-4559
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
vtiger / vtiger_crm	5.0.3	5.0.3.x
vtiger / vtiger_crm	-	5.2.1.x
vtiger / vtiger_crm	5.1.0	5.1.0.x
vtiger / vtiger_crm	5.2.0	5.2.0.x
vtiger / vtiger_crm	2.0.1	2.0.1.x
vtiger / vtiger_crm	2.0	2.0.x
vtiger / vtiger_crm	4.2	4.2.x
vtiger / vtiger_crm	5.0.4	5.0.4.x
vtiger / vtiger_crm	2.1	2.1.x
vtiger / vtiger_crm	5.1.0-rc	5.1.0-rc.x
vtiger / vtiger_crm	4.0	4.0.x
vtiger / vtiger_crm	3.0-beta	3.0-beta.x
vtiger / vtiger_crm	3.0	3.0.x
vtiger / vtiger_crm	5.0.2	5.0.2.x
vtiger / vtiger_crm	3.2	3.2.x
vtiger / vtiger_crm	5.0.4-rc	5.0.4-rc.x
vtiger / vtiger_crm	1.0	1.0.x
vtiger / vtiger_crm	4.2.4	4.2.4.x
vtiger / vtiger_crm	4.0.1	4.0.1.x