SQL Injection Vulnerability in vtiger CRM Calendar Export Feature
CVE-2020-22807

9.8CRITICAL

Key Information:

Vendor: Vtiger
Status: Vtiger Crm
Vendor: CVE Published:; 29 April 2021

What is CVE-2020-22807?

A SQL injection vulnerability has been identified in the calendar export feature of vtiger CRM version 7.2. This flaw allows an attacker to manipulate SQL queries through the export data functionality, potentially compromising the integrity and confidentiality of the database. Proper validation and sanitization measures should be implemented to mitigate this risk.

References

https://cloud.tencent.com/developer/article/1612208

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 29, 2021
Vulnerability Reserved
Aug 13, 2020

Vtiger

What is CVE-2020-22807?

References

CVSS V3.1

Timeline