CVE-2023-38891

Published September 14th, 2023

View on NVD ↗

CVSS v3

8.8

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.

jselliott/CVE-2023-38891

Authenticated SQL Injection Vulnerability in VTiger Open Source CRM v7.5

GitHub