Vendor: vtiger CRM
By:
CVSS: 7.5 (HIGH)
Input Validation
CWE: 20, 74, 79, 98
Product Name: vtiger CRM
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Multiple input validation vulnerabilities in vtiger CRM
vtiger CRM is prone to multiple SQL injection, HTML injection, cross-site scripting, and local file include vulnerabilities. An attacker can exploit these issues to gain administrative access, retrieve username and password pairs, steal cookie-based authentication credentials, and retrieve arbitrary local files in the context of the Web server process.
Mitigation:
Apply the latest patches or updates provided by the vendor. Implement input validation to ensure that user-supplied data is properly sanitized.