CVE-2005-3822

critical

Description

Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts module.

References

http://www.vupen.com/english/advisories/2005/2569

http://www.securityfocus.com/bid/15569

http://www.securityfocus.com/archive/1/417711/30/0/threaded

http://securitytracker.com/id?1015274

http://securityreason.com/securityalert/203

http://secunia.com/advisories/17693

http://marc.info/?l=full-disclosure&m=113290708121951&w=2

Details

Source: Mitre, NVD

Published: 2005-11-26

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00816