ID
VAR-201104-0367
TITLE
vtiger CRM 'sortfieldsjson.php' Local File Include Vulnerability
Trust: 0.3
sources:
BID: 47263
DESCRIPTION
vtiger CRM is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and execute arbitrary local scripts in the context of the webserver process. This may allow the attacker to compromise the application and the underlying computer; other attacks are also possible. vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.
Trust: 0.3
sources:
BID: 47263
AFFECTED PRODUCTS
| vendor: | vtiger | model: | crm | scope: | eq | version: | 5.2.1 | Trust: 0.3 |
sources:
BID: 47263
THREAT TYPE
network
Trust: 0.3
sources:
BID: 47263
TYPE
Input Validation Error
Trust: 0.3
sources:
BID: 47263
EXTERNAL IDS
| db: | BID | id: | 47263 | Trust: 0.3 |
sources:
BID: 47263
REFERENCES
| url: | http://www.vtiger.com/ | Trust: 0.3 |
sources:
BID: 47263
CREDITS
John Leitch
Trust: 0.3
sources:
BID: 47263
SOURCES
| db: | BID | id: | 47263 |
LAST UPDATE DATE
2022-05-17T01:37:51.194000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 47263 | date: | 2011-04-08T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 47263 | date: | 2011-04-08T00:00:00 |