CVE-2005-3822

Name of the Vulnerable Software and Affected Versions vTiger CRM versions 4.2 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the username in the login form or the record parameter, as seen in the EditView action for the Contacts module.

Recommendations For versions 4.2 and earlier, consider disabling the login form or restricting access to the EditView action in the Contacts module until a fix is available. Avoid using the username and record parameters in sensitive operations to minimize the risk of exploitation.