Daffodil CRM does not properly sanitize its login inputs, leading to SQL injection and authentication bypass.
Daffodil CRM does not properly sanitize its inputs on the login page:
http://www.SITE.com:8080/daffodilcrm/userlogin.jsp
Therefore SQL-injection attacks are possible.
PoC could be: 1'or'1'='1
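
An added example, not code from the advisory or from Daffodil CRM: it shows why the input above passes a login check built by string concatenation and why a bound-parameter query rejects it. The table, column and function names, the query shape and the in-memory SQLite stand-in database are assumptions, since the advisory does not show the application's source.

```python
import hmac
import sqlite3

POC = "1'or'1'='1"  # input string quoted in the advisory


def make_db():
    """Constructed sample data in an in-memory SQLite database.
    Plaintext password only to keep the demo short; store a salted hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("admin", "correct horse"))
    return db


def login_concatenated(db, username, password):
    """Assumed vulnerable pattern: input is pasted into the SQL text, so a
    quote in the input ends the string literal and the rest runs as SQL."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, username, password):
    """Hardened form: the driver binds input as data, never as SQL syntax."""
    row = db.execute("SELECT password FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[0].encode(), password.encode())


def run_demo():
    """Return (query style, input kind) -> whether the login was accepted."""
    db = make_db()
    return {
        ("concatenated", "valid"): login_concatenated(db, "admin", "correct horse"),
        ("concatenated", "poc"): login_concatenated(db, POC, POC),
        ("parameterized", "valid"): login_parameterized(db, "admin", "correct horse"),
        ("parameterized", "poc"): login_parameterized(db, POC, POC),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(case, "accepted" if accepted else "rejected")
```
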
Vendor's homepage is: http://www.daffodildb.com/crm/
Please credit to: Preben Nyløkken