exploitDog

CVE-2019-11057

Опубликовано: 17 мая 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.

Ссылки

http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-April/037964.html
Vendor Advisory
https://cybersecurityworks.com/zerodays/cve-2019-11057-vtiger.html
Exploit
Third Party Advisory
https://medium.com/%40mohnishdhage/sql-injection-vtiger-crm-v7-1-0-cve-2019-11057-245f84fc5c2c
http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-April/037964.html
Vendor Advisory
https://cybersecurityworks.com/zerodays/cve-2019-11057-vtiger.html
Exploit
Third Party Advisory
https://medium.com/%40mohnishdhage/sql-injection-vtiger-crm-v7-1-0-cve-2019-11057-245f84fc5c2c

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*

Версия до 7.0.1 (включая)

cpe:2.3:a:vtiger:vtiger_crm:7.1.0:-:*:*:*:*:*:*

cpe:2.3:a:vtiger:vtiger_crm:7.1.0:hotfix1:*:*:*:*:*:*

cpe:2.3:a:vtiger:vtiger_crm:7.1.0:hotfix2:*:*:*:*:*:*

cpe:2.3:a:vtiger:vtiger_crm:7.1.0:rc:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00599

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-j928-5x47-jv69

CVSS3: 8.8

github

больше 3 лет назад

SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.

EPSS

Процентиль: 69%

0.00599

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-89