Vulnerability Information: Vulnerability ID: VDB-213461, CVE-2022-3955, GCVE-100-213461 Title: Tholum CRM42 Login class.user.php user_name SQL Injection Severity: Critical Summary: A vulnerability has been found in Tholum CRM42. The affected element is an unknown function of the file of the component . The manipulation of the argument leads to SQL injection. The vulnerability is documented as CVE-2022-3955. The attack can be initiated remotely. An exploit exists. Details: Component: Tholum CRM42 Affected File: CVE: CVE-2022-3955 CWE: CWE-89 Impact: Confidentiality, integrity, and availability Release Date: 11/11/2022 Advisory Source: github.com Exploit: Available at github.com, proof-of-concept Attack Technique: MITRE ATT&CK T1505 Countermeasures: None known, replace affected object with an alternative product