CVE-2024-42994 Information

Description

VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement leading to a SQL Injection in the \CompanyDetails\ operation of the \MailManager\ module.

Reference

https://www.shielder.com/advisories/vtiger-mailmanager-sqli/