CVE-2005-3822
- EPSS 0.82%
- Veröffentlicht 26.11.2005 02:03:00
- Zuletzt bearbeitet 16.04.2026 00:27:16
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username in the login form or (2) record parameter, as demonstrated in the EditView action for the Contacts modu...
CVE-2005-3821
- EPSS 0.53%
- Veröffentlicht 26.11.2005 02:03:00
- Zuletzt bearbeitet 16.04.2026 00:27:16
Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via multiple vectors, including the account name.
CVE-2005-3820
- EPSS 1.16%
- Veröffentlicht 26.11.2005 02:03:00
- Zuletzt bearbeitet 16.04.2026 00:27:16
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) m...
CVE-2005-3819
- EPSS 1.99%
- Veröffentlicht 26.11.2005 02:03:00
- Zuletzt bearbeitet 16.04.2026 00:27:16
Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier allow remote attackers to inject arbitrary SQL commands and bypass authentication via the (1) user_name and (2) date parameter in the HelpDesk module.