exploitDog

CVE-2023-38891

Опубликовано: 14 сент. 2023

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.

Ссылки

https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/modules/Reports/ReportRun.php#L395
Third Party Advisory
https://github.com/jselliott/CVE-2023-38891
Third Party Advisory
https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/modules/Reports/ReportRun.php#L395
Third Party Advisory
https://github.com/jselliott/CVE-2023-38891
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vtiger:vtiger_crm:7.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01866

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-rjpm-pp7m-pff4

CVSS3: 8.8

github

больше 2 лет назад

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.

EPSS

Процентиль: 83%

0.01866

Низкий

8.8 High

CVSS3

Дефекты

CWE-89