CVSSv3: 8.8

CVE-2023-38891

Published: 14/09/2023 Updated: 20/09/2023
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 0

Vulnerability Summary

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated malicious user to escalate privileges via the getQueryColumnsList function in ReportRun.php.

Vulnerable Product

vtiger vtiger crm 7.5.0

Github Repositories

Authenticated SQL Injection Vulnerability in VTiger Open Source CRM v7.5

CVE-2023-38891 Authenticated SQL Injection Vulnerability in VTiger Open Source CRM v7.5

Discovered by: Jacob Elliott 07/13/23

Summary

In the Reports module in VTiger CRM v7.5.0, there is insufficient checking of the selected fields for the report, which are stored and then later reintroduced as a second-order SQL Injection when the report is run. This allows the attacker to leak