Authenticated SQL Injection Vulnerability in VTiger Open Source CRM v7.5
CVE-2023-38891

Discovered by: Jacob Elliott
07/13/23

Summary

In the Reports module in VTiger CRM v7.5.0, there is insufficient checking of the selected fields for the report, which are stored and then later reintroduced as a second-order SQL Injection when the report is run. This allows the attacker to leak
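
The store-then-reuse pattern named in the summary, shown as an added illustration (not VTiger's code and not part of the advisory): a saved field selection is written safely, then trusted when the report query is built, next to a version that re-validates it against an allowlist. The schema, the function names and the tampered value are assumptions constructed for the example, using an in-memory SQLite database.

```python
import sqlite3

# Hypothetical schema and names, not VTiger's.
ALLOWED_COLUMNS = {"accounts": {"accountname", "city", "phone"}}
# Constructed value standing in for a field selection that was never checked.
TAMPERED_FIELD = "(SELECT password_hash FROM users)"

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE accounts (accountname TEXT, city TEXT, phone TEXT);
        CREATE TABLE users (username TEXT, password_hash TEXT);
        CREATE TABLE saved_reports (id INTEGER PRIMARY KEY, tbl TEXT, fields TEXT);
        INSERT INTO accounts VALUES ('Acme', 'Berlin', '555-0100');
        INSERT INTO users VALUES ('admin', 'constructed-hash');
    """)
    return db

def save_report(db, table, fields):
    # The write is parameterized, so storing the selection is safe by itself.
    cur = db.execute("INSERT INTO saved_reports (tbl, fields) VALUES (?, ?)",
                     (table, ",".join(fields)))
    return cur.lastrowid

def load_report(db, report_id):
    return db.execute("SELECT tbl, fields FROM saved_reports WHERE id = ?",
                      (report_id,)).fetchone()

def run_report_unsafe(db, report_id):
    # Second-order flaw: text read back from the database is treated as
    # trusted and spliced into the SELECT list.
    tbl, fields = load_report(db, report_id)
    return db.execute(f"SELECT {fields} FROM {tbl}").fetchall()

def run_report_safe(db, report_id):
    # Stored values are still untrusted input: accept only known identifiers.
    tbl, fields = load_report(db, report_id)
    allowed = ALLOWED_COLUMNS.get(tbl)
    if allowed is None:
        raise ValueError(f"rejected stored table: {tbl!r}")
    cols = fields.split(",")
    for col in cols:
        if col not in allowed:
            raise ValueError(f"rejected stored field: {col!r}")
    select_list = ", ".join(f'"{c}"' for c in cols)
    return db.execute(f'SELECT {select_list} FROM "{tbl}"').fetchall()
```

Identifiers cannot be bound as query parameters, which is why the safe version checks each stored column name against the allowlist at the point where the query is built, regardless of what was checked when the report was saved.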