CVE-2011-4559 Information

Description

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.

Reference

http://osvdb.org/76138
http://seclists.org/fulldisclosure/2011/Oct/224
http://www.securityfocus.com/archive/1/520006/100/0/threaded
http://www.securityfocus.com/bid/49948
http://yehg.net/lab/pr0js/advisories/5BvTiger_5.2.15D_blind_sqlin
https://exchange.xforce.ibmcloud.com/vulnerabilities/70344
