Skip to main content

Vtiger Crm CVE-2019-11057

HIGH
SQL Injection (CWE-89)
2019-05-17 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
May 17, 2019 - 17:29 nvd
HIGH 8.8

DescriptionNVD

SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands.

AnalysisAI

SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. Affected products include: Vtiger Vtiger Crm. Version information: before 7.1.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.

CVE-2014-2268 MEDIUM POC
5.0 Nov 16

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which all

CVE-2016-1713 HIGH POC
7.3 Apr 14

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger

CVE-2026-23697 HIGH POC
8.7 Jul 07

Remote code execution in Vtiger CRM before 8.4.0 lets an authenticated low-privileged user upload a malicious .phar file

CVE-2019-19202 HIGH POC
8.8 Nov 21

In Vtiger 7.x before 7.2.0, the My Preferences saving functionality allows a user without administrative privileges to c

CVE-2026-23698 HIGH POC
8.6 Jul 07

Authenticated remote code execution in Vtiger CRM through version 8.4.0 lets an administrator upload a crafted ZIP archi

CVE-2024-42995 HIGH POC
8.3 Aug 16

VTiger CRM <= 8.1.0 does not correctly check user privileges. Rated high severity (CVSS 8.3), this vulnerability is remo

CVE-2013-3213 HIGH POC
7.5 Apr 02

Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL

CVE-2024-42994 HIGH POC
7.2 Aug 16

VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection

CVE-2019-5009 HIGH POC
7.2 Jan 04

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the upload

CVE-2014-2269 MEDIUM POC
6.4 Apr 22

modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for

CVE-2012-4867 MEDIUM POC
5.0 Sep 06

Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote at

CVE-2013-5091 MEDIUM POC
6.5 Oct 04

SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated u

Share

CVE-2019-11057 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy