752 B
752 B
CVE-2011-4559
Description
SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.
POC
Reference
- http://seclists.org/fulldisclosure/2011/Oct/224
- http://yehg.net/lab/pr0js/advisories/%5BvTiger_5.2.1%5D_blind_sqlin
Github
No PoCs found on GitHub currently.