1 results (0.006 seconds)
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-38891
https://notcve.org/view.php?id=CVE-2023-38891
SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. Una vulnerabilidad de inyección SQL en Vtiger CRM v.7.5.0 permite a un atacante remoto autenticado escalar privilegios a través de la función getQueryColumnsList en ReportRun.php. • https://github.com/jselliott/CVE-2023-38891 https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/modules/Reports/ReportRun.php#L395 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •