CVE-2005-3819
vtiger CRM < 4.2 - SQL Injection via HelpDesk user_name and date Parameters
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-3819. PoCs published by Christopher Kunz.
AI-analyzed exploit summary: The provided text describes multiple input validation vulnerabilities in vtiger CRM, including SQL injection, HTML injection, XSS, and local file inclusion. It includes a sample SQL injection payload but lacks executable exploit code.
Description
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.