ID
VAR-201011-0429
TITLE
Vtiger CRM Multiple Remote Security Vulnerabilities
Trust: 0.3
DESCRIPTION
Vtiger CRM is prone to an arbitrary-file-upload vulnerability, multiple local file-include vulnerabilities, and multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to upload and execute arbitrary code in the context of the webserver process, view and execute arbitrary local files within the context of the webserver process, steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible. Vtiger CRM 5.2.0 is vulnerable; other versions may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | vtiger | model: | crm | scope: | eq | version: | 5.2 | Trust: 0.3 |
THREAT TYPE
network
Trust: 0.3
TYPE
Input Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 44901 | Trust: 0.3 |
REFERENCES
| url: | http://www.vtiger.com/index.php | Trust: 0.3 |
| url: | http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt | Trust: 0.3 |
CREDITS
Giovanni and Alessandro
Trust: 0.3
SOURCES
| db: | BID | id: | 44901 |
LAST UPDATE DATE
2022-05-17T02:10:00.679000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 44901 | date: | 2010-11-17T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 44901 | date: | 2010-11-17T00:00:00 |