Vtiger CRM Multiple SQL Injection Vulnerabilities April-14

Summary
This host is installed with Vtiger CRM and is prone to multiple SQL injection vulnerabilities.
Impact
Successful exploitation will allow an attacker to execute arbitrary HTML and script code, bypass certain security restrictions, manipulate certain data, and compromise a vulnerable system.
Impact Level: Application
Solution
Apply the patch from the link below:
https://www.vtiger.com/products/crm/540/VtigerCRM540_Security_Patch.zip
***** NOTE: Ignore this warning if the above-mentioned patch has been applied manually. *****
Insight
Multiple flaws are due to:
- Input passed via multiple parameters to various SOAP methods is not properly sanitised before being used in a SQL query.
- An error within the 'validateSession()' function, and multiple unspecified errors.
Affected
Vtiger CRM version 5.0.0 through 5.4.0
Detection
Send a crafted HTTP GET request and check whether the response contains an error message.
References