Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vtiger CRM SQL Injection Vulnerability
Vulnerability Description
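Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the US company Vtiger. The system provides functions such as managing, collecting, and analyzing customer information. SQL injection vulnerabilities exist in vTiger CRM versions 5.0.0 through 5.4.0. The vulnerabilities stem from the soap/customerportal.php script not properly filtering the 'picklist_name' parameter in the get_picklists method; the soap/customerportal.php script not properly filtering the 'where' parameter in the get_tickets_list method; soap/vtigerol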
CVSS Information
N/A
Vulnerability Type
N/A