Jacob Elliott

**Name of the Vulnerable Software and Affected Versions** Vtiger CRM version 7.5.0 **Description** A SQL injection issue allows a remote authenticated attacker to escalate privileges via the `getQueryColumnsList` function in `ReportRun.php`. This enables the attacker to potentially gain higher access levels within the system. **Recommendations** For Vtiger CRM version 7.5.0, update to a version that includes a fix for this issue, as using the `getQueryColumnsList` function in `ReportRun.php` can lead to privilege escalation. As a temporary workaround, consider restricting access to the `ReportRun.php` file or disabling the `getQueryColumnsList` function until a patch is available.