7 vulnerabilities by vTiger CRM
VAR-201112-0339
Vulnerability from variot - Updated: 2025-04-11 23:15
vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report. Vtiger CRM is a Web-based customer relationship management (CRM) system built around sales force automation (SFA). A vulnerability exists in versions prior to vtiger CRM 5.3.0 that stems from the failure to correctly identify the status of a disabled field in the Leads module. vtiger CRM is prone to a security-bypass vulnerability. Attackers may exploit the issue to bypass certain unspecified security restrictions and gain unauthorized access. Versions prior to vtiger CRM 5.3.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lt",
"trust": 1.8,
"vendor": "vtiger",
"version": "5.3.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.3"
},
{
"model": "crm",
"scope": "lte",
"trust": 0.6,
"vendor": "vtiger",
"version": "\u003c=5.2.x"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5.1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5.0.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5.2.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "*"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm rc",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "ne",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.3"
}
],
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "BID",
"id": "51024"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "pratim",
"sources": [
{
"db": "BID",
"id": "51024"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4679",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2011-4679",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2011-5717",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "7d716c21-463f-11e9-be3d-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-52624",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4679",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-4679",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2011-5717",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-080",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52624",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "VULHUB",
"id": "VHN-52624"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). A vulnerability exists in versions prior to vtiger CRM 5.3.0 that stems from the inability to correctly identify the status of a defective field in the Leads module. vtiger CRM is prone to a security-bypass vulnerability. \nAttackers may exploit the issue to bypass certain unspecified security restrictions and gain unauthorized access. \nVersions prior to vtiger CRM 5.3.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4679"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "BID",
"id": "51024"
},
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52624"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4679",
"trust": 3.8
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2011-5717",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299",
"trust": 0.8
},
{
"db": "BID",
"id": "51024",
"trust": 0.4
},
{
"db": "IVD",
"id": "7D716C21-463F-11E9-BE3D-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "57CA12F8-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52624",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "VULHUB",
"id": "VHN-52624"
},
{
"db": "BID",
"id": "51024"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
}
]
},
"id": "VAR-201112-0339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "VULHUB",
"id": "VHN-52624"
}
],
"trust": 1.6291666400000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
}
]
},
"last_update_date": "2025-04-11T23:15:35.136000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ticket #7003",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003"
},
{
"title": "Ticket #7004",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7004"
},
{
"title": "Oct2011:ODUpdate",
"trust": 0.8,
"url": "http://wiki.vtiger.com/index.php/Oct2011:ODUpdate"
},
{
"title": "Patch for vtiger CRM Leads module security vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/37813"
},
{
"title": "vtigercrm-521-530-patch",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41995"
},
{
"title": "vtigercrm-5.3.0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41994"
},
{
"title": "vtigercrm-5.3.0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41993"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52624"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003"
},
{
"trust": 2.0,
"url": "http://wiki.vtiger.com/index.php/oct2011:odupdate"
},
{
"trust": 1.7,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7004"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4679"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4679"
},
{
"trust": 0.3,
"url": "http://www.vtiger.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "VULHUB",
"id": "VHN-52624"
},
{
"db": "BID",
"id": "51024"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "VULHUB",
"id": "VHN-52624"
},
{
"db": "BID",
"id": "51024"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"date": "2011-12-08T00:00:00",
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"date": "2011-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-52624"
},
{
"date": "2011-01-04T00:00:00",
"db": "BID",
"id": "51024"
},
{
"date": "2011-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-080"
},
{
"date": "2011-12-07T19:55:02.440000",
"db": "NVD",
"id": "CVE-2011-4679"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52624"
},
{
"date": "2011-01-04T00:00:00",
"db": "BID",
"id": "51024"
},
{
"date": "2011-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-080"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-4679"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM Leads Module Security Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
],
"trust": 0.6
}
}
VAR-201209-0439
Vulnerability from variot - Updated: 2025-04-11 23:09
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM contains a directory traversal vulnerability. A third party may read arbitrary files via a .. (dot dot) in the module_name parameter. Vtiger CRM is a Web-based customer relationship management (CRM) system built around sales force automation (SFA). The management system provides functions such as management, collection, and analysis of customer information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0439",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 2.4,
"vendor": "vtiger",
"version": "5.1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "5.1.0"
}
],
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
}
]
},
"cve": "CVE-2012-4867",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2012-4867",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-8109",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d720862-463f-11e9-bdf0-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6618136a-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-58148",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2012-4867",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2012-4867",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2012-8109",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-078",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-58148",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "VULHUB",
"id": "VHN-58148"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. vtiger CRM of modules/com_vtiger_workflow/sortfieldsjson.php Contains a directory traversal vulnerability.By a third party .. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). The management system provides functions such as management, collection, and analysis of customer information",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4867"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-58148"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-58148",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58148"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4867",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "18635",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "111075",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2012-8109",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D720862-463F-11E9-BDF0-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "6618136A-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "18770",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-72808",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-58148",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "VULHUB",
"id": "VHN-58148"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
}
]
},
"id": "VAR-201209-0439",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "VULHUB",
"id": "VHN-58148"
}
],
"trust": 1.6291666400000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
}
]
},
"last_update_date": "2025-04-11T23:09:57.012000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.vtiger.com/crm/"
},
{
"title": "Patch for vtiger CRM path traversal vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/35988"
},
{
"title": "vtigercrm-5.4.0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44512"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58148"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/18635"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.org/files/111075/vtiger-5.1.0-local-file-inclusion.html"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4867"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4867"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "VULHUB",
"id": "VHN-58148"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "VULHUB",
"id": "VHN-58148"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-12T00:00:00",
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"date": "2012-09-12T00:00:00",
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"date": "2012-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-58148"
},
{
"date": "2012-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"date": "2012-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-078"
},
{
"date": "2012-09-06T17:55:01.707000",
"db": "NVD",
"id": "CVE-2012-4867"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"date": "2012-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-58148"
},
{
"date": "2012-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"date": "2012-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-078"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2012-4867"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM Path traversal vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
],
"trust": 1.0
}
}
VAR-201112-0340
Vulnerability from variot - Updated: 2025-04-11 23:04
Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vtiger CRM is a web-based customer relationship management (CRM) system built around sales force automation (SFA). Attackers can build malicious web pages, entice users to open them, and thereby obtain sensitive information or hijack user sessions. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to vtiger CRM 5.2.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 2.5,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 2.5,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 2.5,
"vendor": "vtiger",
"version": "5.0.3"
},
{
"model": "crm",
"scope": "eq",
"trust": 2.5,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "5.1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "3"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "2.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "3.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "2.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "3.2"
},
{
"model": "crm rc",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "rc",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger crm",
"version": "4"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger crm",
"version": "4.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "ne",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.3"
},
{
"model": "crm",
"scope": "ne",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": "crm",
"scope": "ne",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "2.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "4.2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "5.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "5.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "5.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "5.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "5.2.1"
}
],
"sources": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "BID",
"id": "51023"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "51023"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4680",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2011-4680",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "57d70116-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-52625",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4680",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-4680",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-081",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52625",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52625"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). Attackers can build malicious web pages, entice users to parse, get sensitive information, or hijack user sessions. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nVersions prior to vtiger CRM 5.2.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4680"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "BID",
"id": "51023"
},
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52625"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4680",
"trust": 3.6
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2011-5252",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300",
"trust": 0.8
},
{
"db": "BID",
"id": "51023",
"trust": 0.4
},
{
"db": "IVD",
"id": "57D70116-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52625",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "VULHUB",
"id": "VHN-52625"
},
{
"db": "BID",
"id": "51023"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
}
]
},
"id": "VAR-201112-0340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "VULHUB",
"id": "VHN-52625"
}
],
"trust": 1.5395833200000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
}
]
},
"last_update_date": "2025-04-11T23:04:15.576000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Jan2011:ODUpdate",
"trust": 0.8,
"url": "http://wiki.vtiger.com/index.php/Jan2011:ODUpdate"
},
{
"title": "Patch for vtiger CRM Cross-Site Scripting Vulnerability (CNVD-2011-5252)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/6258"
},
{
"title": "vtigercrm-521-530-patch",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41995"
},
{
"title": "vtigercrm-5.3.0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41994"
},
{
"title": "vtigercrm-5.3.0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41993"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52625"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://wiki.vtiger.com/index.php/jan2011:odupdate"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4680"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4680"
},
{
"trust": 0.6,
"url": "http://wiki.vtiger.com/index.php/jan2011"
},
{
"trust": 0.3,
"url": "www.vtiger.de"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "VULHUB",
"id": "VHN-52625"
},
{
"db": "BID",
"id": "51023"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "VULHUB",
"id": "VHN-52625"
},
{
"db": "BID",
"id": "51023"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-14T00:00:00",
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"date": "2011-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-52625"
},
{
"date": "2011-12-12T00:00:00",
"db": "BID",
"id": "51023"
},
{
"date": "2011-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-081"
},
{
"date": "2011-12-07T19:55:02.470000",
"db": "NVD",
"id": "CVE-2011-4680"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-52625"
},
{
"date": "2011-12-12T00:00:00",
"db": "BID",
"id": "51023"
},
{
"date": "2011-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-081"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-4680"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
],
"trust": 0.6
}
}
VAR-201112-0325
Vulnerability from variot - Updated: 2025-04-11 23:02
Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php. vTiger CRM contains a cross-site scripting vulnerability. A third party may insert web script or HTML through the parameters listed above. Vtiger CRM is a web-based customer relationship management (CRM) system built around sales force automation (SFA). Multiple cross-site scripting vulnerabilities existed in vTiger CRM 5.2.1 and earlier. The vulnerability stems from the fact that data supplied by the user is not properly checked.
A remote attacker could exploit the vulnerability to execute arbitrary script code in an unsuspecting user's browser in the context of the affected site, steal cookie-based authentication credentials and launch other attacks, or inject arbitrary web script or HTML through multiple parameters, such as the viewname and activity_mode parameters. vtiger CRM 5.2.1 is vulnerable; other versions may also be affected. The management system provides functions such as management, collection, and analysis of customer information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0325",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.8,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.5,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5742"
},
{
"db": "BID",
"id": "49927"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003188"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-013"
},
{
"db": "NVD",
"id": "CVE-2011-4670"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003188"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aung Khant",
"sources": [
{
"db": "BID",
"id": "49927"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-359"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4670",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2011-4670",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2011-5742",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "5a5bacb6-2354-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "7d7e8b80-463f-11e9-be72-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-52615",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4670",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2011-4670",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2011-5742",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-013",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "5a5bacb6-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d7e8b80-463f-11e9-be72-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52615",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5742"
},
{
"db": "VULHUB",
"id": "VHN-52615"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003188"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-013"
},
{
"db": "NVD",
"id": "CVE-2011-4670"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php. vTiger CRM Contains a cross-site scripting vulnerability.By a third party, through the following parameters, Web Script or HTML May be inserted. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). Multiple cross-site scripting vulnerabilities existed in vTiger CRM 5.2.1 and earlier. The vulnerability stems from the fact that the data provided to the user has not been properly checked. 
A remote attacker could exploit the vulnerability to execute arbitrary script code in an unknown user\u0027s browser in the context of the affected site, stealing a cookie-based authentication certificate and initiating other attacks, or injecting arbitrary web scripts or HTML through multiple parameters, such as: viewname And the activity_mode parameter. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nvtiger CRM 5.2.1 is vulnerable; other versions may also be affected. The management system provides functions such as management, collection, and analysis of customer information",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4670"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003188"
},
{
"db": "CNVD",
"id": "CNVD-2011-5742"
},
{
"db": "BID",
"id": "49927"
},
{
"db": "IVD",
"id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
},
{
"db": "VULHUB",
"id": "VHN-52615"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-52615",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52615"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4670",
"trust": 3.8
},
{
"db": "BID",
"id": "49927",
"trust": 3.2
},
{
"db": "OSVDB",
"id": "76006",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "76005",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201112-013",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "36203",
"trust": 1.1
},
{
"db": "EXPLOIT-DB",
"id": "36204",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2011-5742",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003188",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201110-359",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20111004 VTIGER CRM 5.2.X \u003c= MULTIPLE CROSS SITE SCRIPTING VULNERABILITIES",
"trust": 0.6
},
{
"db": "XF",
"id": "70306",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20111004 VTIGER CRM 5.2.X \u003c= MULTIPLE CROSS SITE SCRIPTING VULNERABILITIES",
"trust": 0.6
},
{
"db": "IVD",
"id": "5A5BACB6-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "IVD",
"id": "7D7E8B80-463F-11E9-BE72-000C29342CB1",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52615",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5742"
},
{
"db": "VULHUB",
"id": "VHN-52615"
},
{
"db": "BID",
"id": "49927"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003188"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-359"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-013"
},
{
"db": "NVD",
"id": "CVE-2011-4670"
}
]
},
"id": "VAR-201112-0325",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5742"
},
{
"db": "VULHUB",
"id": "VHN-52615"
}
],
"trust": 1.6291666400000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5742"
}
]
},
"last_update_date": "2025-04-11T23:02:03.534000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "vtigerCRM.jp",
"trust": 0.8,
"url": "http://www.vtigercrm.jp/home"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.vtiger.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003188"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52615"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003188"
},
{
"db": "NVD",
"id": "CVE-2011-4670"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/49927"
},
{
"trust": 2.0,
"url": "http://seclists.org/fulldisclosure/2011/oct/154"
},
{
"trust": 1.7,
"url": "http://yehg.net/lab/pr0js/advisories/%5bvtiger_5.2.1%5d_xss"
},
{
"trust": 1.7,
"url": "http://osvdb.org/76005"
},
{
"trust": 1.7,
"url": "http://osvdb.org/76006"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/519993/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/36203/"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/36204/"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70306"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4670"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4670"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/70306"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/519993/100/0/threaded"
},
{
"trust": 0.3,
"url": "www.vtiger.de"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5742"
},
{
"db": "VULHUB",
"id": "VHN-52615"
},
{
"db": "BID",
"id": "49927"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003188"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-359"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-013"
},
{
"db": "NVD",
"id": "CVE-2011-4670"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5742"
},
{
"db": "VULHUB",
"id": "VHN-52615"
},
{
"db": "BID",
"id": "49927"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003188"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-359"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-013"
},
{
"db": "NVD",
"id": "CVE-2011-4670"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-05T00:00:00",
"db": "IVD",
"id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5742"
},
{
"date": "2011-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-52615"
},
{
"date": "2011-10-04T00:00:00",
"db": "BID",
"id": "49927"
},
{
"date": "2011-12-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003188"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-359"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-013"
},
{
"date": "2011-12-02T16:55:02.420000",
"db": "NVD",
"id": "CVE-2011-4670"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5742"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-52615"
},
{
"date": "2011-12-06T19:37:00",
"db": "BID",
"id": "49927"
},
{
"date": "2011-12-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003188"
},
{
"date": "2011-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-359"
},
{
"date": "2011-12-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-013"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-4670"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201110-359"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-013"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vTiger CRM Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
},
{
"db": "IVD",
"id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2011-5742"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-013"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201110-359"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-013"
}
],
"trust": 1.2
}
}
VAR-201111-0152
Vulnerability from variot - Updated: 2025-04-11 19:37
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. vtiger CRM is a web-based customer relationship management (CRM) system built around sales force automation (SFA). vtiger CRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. vtiger CRM 5.2.1 is vulnerable; prior versions may also be affected. The CRM system provides functions such as management, collection, and analysis of customer information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0152",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.8,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "2.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "4.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "3.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "2.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "4.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "3.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.2.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.3"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger crm",
"version": "3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger crm",
"version": "4.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger crm",
"version": "5.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger crm",
"version": "5.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "2.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "4.2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "5.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "5.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "5.2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "*"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
},
{
"db": "IVD",
"id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5753"
},
{
"db": "BID",
"id": "49948"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003104"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-458"
},
{
"db": "NVD",
"id": "CVE-2011-4559"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003104"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aung Khant, YGN Ethical Hacker Group and Myanmar",
"sources": [
{
"db": "BID",
"id": "49948"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-300"
}
],
"trust": 0.9
},
"cve": "CVE-2011-4559",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2011-4559",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2011-5753",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7d2bf1-463f-11e9-a163-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "5e7e5136-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-52504",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2011-4559",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2011-4559",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2011-5753",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-458",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7d7d2bf1-463f-11e9-a163-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "IVD",
"id": "5e7e5136-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52504",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
},
{
"db": "IVD",
"id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5753"
},
{
"db": "VULHUB",
"id": "VHN-52504"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003104"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-458"
},
{
"db": "NVD",
"id": "CVE-2011-4559"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). vtiger CRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nvtiger CRM 5.2.1 is vulnerable; prior versions may also be affected. The management system provides functions such as management, collection, and analysis of customer information",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4559"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003104"
},
{
"db": "CNVD",
"id": "CNVD-2011-5753"
},
{
"db": "BID",
"id": "49948"
},
{
"db": "IVD",
"id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
},
{
"db": "IVD",
"id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52504"
}
],
"trust": 2.88
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-52504",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52504"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4559",
"trust": 3.8
},
{
"db": "BID",
"id": "49948",
"trust": 3.2
},
{
"db": "OSVDB",
"id": "76138",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201111-458",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2011-5753",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003104",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201110-300",
"trust": 0.6
},
{
"db": "XF",
"id": "70344",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20111005 VTIGER CRM 5.2.X \u003c= BLIND SQL INJECTION VULNERABILITY",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20111005 VTIGER CRM 5.2.X \u003c= BLIND SQL INJECTION VULNERABILITY",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D7D2BF1-463F-11E9-A163-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "5E7E5136-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "36208",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-52504",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
},
{
"db": "IVD",
"id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5753"
},
{
"db": "VULHUB",
"id": "VHN-52504"
},
{
"db": "BID",
"id": "49948"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003104"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-300"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-458"
},
{
"db": "NVD",
"id": "CVE-2011-4559"
}
]
},
"id": "VAR-201111-0152",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
},
{
"db": "IVD",
"id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5753"
},
{
"db": "VULHUB",
"id": "VHN-52504"
}
],
"trust": 1.6291666400000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
},
{
"db": "IVD",
"id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5753"
}
]
},
"last_update_date": "2025-04-11T19:37:48.477000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.vtigercrm.jp/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003104"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52504"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003104"
},
{
"db": "NVD",
"id": "CVE-2011-4559"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/49948"
},
{
"trust": 2.0,
"url": "http://yehg.net/lab/pr0js/advisories/%5bvtiger_5.2.1%5d_blind_sqlin"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2011/oct/224"
},
{
"trust": 1.7,
"url": "http://osvdb.org/76138"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/520006/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70344"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4559"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4559"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/70344"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/520006/100/0/threaded"
},
{
"trust": 0.3,
"url": "http://www.vtiger.com/"
},
{
"trust": 0.3,
"url": "https://secure.wikimedia.org/wikipedia/en/wiki/vtiger_crm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5753"
},
{
"db": "VULHUB",
"id": "VHN-52504"
},
{
"db": "BID",
"id": "49948"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003104"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-300"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-458"
},
{
"db": "NVD",
"id": "CVE-2011-4559"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
},
{
"db": "IVD",
"id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5753"
},
{
"db": "VULHUB",
"id": "VHN-52504"
},
{
"db": "BID",
"id": "49948"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003104"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-300"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-458"
},
{
"db": "NVD",
"id": "CVE-2011-4559"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-30T00:00:00",
"db": "IVD",
"id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
},
{
"date": "2011-11-30T00:00:00",
"db": "IVD",
"id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5753"
},
{
"date": "2011-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-52504"
},
{
"date": "2011-10-05T00:00:00",
"db": "BID",
"id": "49948"
},
{
"date": "2011-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003104"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-300"
},
{
"date": "2011-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-458"
},
{
"date": "2011-11-28T21:55:07.997000",
"db": "NVD",
"id": "CVE-2011-4559"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5753"
},
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-52504"
},
{
"date": "2011-12-05T18:07:00",
"db": "BID",
"id": "49948"
},
{
"date": "2011-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003104"
},
{
"date": "2011-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201110-300"
},
{
"date": "2011-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-458"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2011-4559"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201110-300"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-458"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vTiger CRM Calendar Module SQL Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5753"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-458"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "IVD",
"id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
},
{
"db": "IVD",
"id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201110-300"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-458"
}
],
"trust": 1.6
}
}
CVE-2013-3591 (GCVE-0-2013-3591)
Vulnerability from nvd – Published: 2020-02-07 14:15 – Updated: 2024-08-06 16:14
- PHP Code Execution
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/metasploit… | x_refsource_MISC |
| https://community.rapid7.com/community/metasploit… | x_refsource_MISC |
| http://www.securityfocus.com/bid/63454 | x_refsource_MISC |
| http://www.exploit-db.com/exploits/29319 | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| vTiger CRM | vTiger CRM | Affected: 5.3; Affected: 5.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63454"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/29319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vTiger CRM",
"vendor": "vTiger CRM",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"status": "affected",
"version": "5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vTiger CRM 5.3 and 5.4: \u0027files\u0027 Upload Folder Arbitrary PHP Code Execution Vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "PHP Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T14:15:28.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/63454"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/29319"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vTiger CRM",
"version": {
"version_data": [
{
"version_value": "5.3"
},
{
"version_value": "5.4"
}
]
}
}
]
},
"vendor_name": "vTiger CRM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vTiger CRM 5.3 and 5.4: \u0027files\u0027 Upload Folder Arbitrary PHP Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PHP Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
},
{
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
},
{
"name": "http://www.securityfocus.com/bid/63454",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/63454"
},
{
"name": "http://www.exploit-db.com/exploits/29319",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/29319"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3591",
"datePublished": "2020-02-07T14:15:28.000Z",
"dateReserved": "2013-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:14:56.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3591 (GCVE-0-2013-3591)
Vulnerability from cvelistv5 – Published: 2020-02-07 14:15 – Updated: 2024-08-06 16:14
Problem type: PHP Code Execution
| URL | Tags |
|---|---|
| https://community.rapid7.com/community/metasploit… | x_refsource_MISC |
| https://community.rapid7.com/community/metasploit… | x_refsource_MISC |
| http://www.securityfocus.com/bid/63454 | x_refsource_MISC |
| http://www.exploit-db.com/exploits/29319 | x_refsource_MISC |
| Vendor | Product | Version |
|---|---|---|
| vTiger CRM | vTiger CRM | Affected: 5.3; Affected: 5.4 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T16:14:56.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/63454"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/29319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "vTiger CRM",
"vendor": "vTiger CRM",
"versions": [
{
"status": "affected",
"version": "5.3"
},
{
"status": "affected",
"version": "5.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "vTiger CRM 5.3 and 5.4: \u0027files\u0027 Upload Folder Arbitrary PHP Code Execution Vulnerability"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "PHP Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-07T14:15:28.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/63454"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.exploit-db.com/exploits/29319"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-3591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "vTiger CRM",
"version": {
"version_data": [
{
"version_value": "5.3"
},
{
"version_value": "5.4"
}
]
}
}
]
},
"vendor_name": "vTiger CRM"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vTiger CRM 5.3 and 5.4: \u0027files\u0027 Upload Folder Arbitrary PHP Code Execution Vulnerability"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "PHP Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
},
{
"name": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
},
{
"name": "http://www.securityfocus.com/bid/63454",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/63454"
},
{
"name": "http://www.exploit-db.com/exploits/29319",
"refsource": "MISC",
"url": "http://www.exploit-db.com/exploits/29319"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-3591",
"datePublished": "2020-02-07T14:15:28.000Z",
"dateReserved": "2013-05-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T16:14:56.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}