VARIoT Database - Vtiger CRM CVE-2009-3248 Credit

2025

10 April 2025

Event

N/A

What

VARIoT

variot database vtiger cve-2009-3248 csrf vulnerability credit

The VARIoT database, updated on April 10, 2025, credits Francesco “ascii” Ongaro among the authors of the discovery of vulnerability CVE-2009-3248 in vtiger CRM 5.0.4 (RSS module). The technical sheet (VAR-200909-0478) gives joint credit to Giovanni “evilaliv3” Pellerano, Antonio “s4tan” Parata, and Ongaro, and cites the original publication on the ush.it site and its distribution on platforms such as Exploit-DB, Bugtraq, and SecurityFocus. The vulnerability, classified as cross-site request forgery, allowed a remote attacker to compromise administrative sessions through the rssurl parameter.
