ID

VAR-201209-0439


CVE

CVE-2012-4867


TITLE

vtiger CRM Path traversal vulnerability

Trust: 1.6

sources: IVD: 7d720862-463f-11e9-bdf0-000c29342cb1 // IVD: 6618136a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8109 // CNNVD: CNNVD-201209-078

DESCRIPTION

Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM contains a directory traversal vulnerability. By a third party .. Vtiger CRM is a Web-based, Sales Capability Automation (SFA)-based Customer Relationship Management (CRM) system. The management system provides functions such as management, collection, and analysis of customer information.

Trust: 2.61

sources: NVD: CVE-2012-4867 // JVNDB: JVNDB-2012-004162 // CNVD: CNVD-2012-8109 // IVD: 7d720862-463f-11e9-bdf0-000c29342cb1 // IVD: 6618136a-2353-11e6-abef-000c29c66e3d // VULHUB: VHN-58148

IOT TAXONOMY

category: ['ICS'], sub_category: -

Trust: 1.0

sources: IVD: 7d720862-463f-11e9-bdf0-000c29342cb1 // IVD: 6618136a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8109

AFFECTED PRODUCTS

vendor: vtiger, model: crm, scope: eq, version: 5.1.0

Trust: 2.4

vendor: vtiger, model: crm, scope: eq, version: 5.x

Trust: 0.6

vendor: vtiger crm, model: -, scope: eq, version: 5.1.0

Trust: 0.4

sources: IVD: 7d720862-463f-11e9-bdf0-000c29342cb1 // IVD: 6618136a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8109 // JVNDB: JVNDB-2012-004162 // CNNVD: CNNVD-201209-078 // NVD: CVE-2012-4867

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4867
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4867
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2012-8109
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201209-078
value: MEDIUM

Trust: 0.6

IVD: 7d720862-463f-11e9-bdf0-000c29342cb1
value: MEDIUM

Trust: 0.2

IVD: 6618136a-2353-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

VULHUB: VHN-58148
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4867
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2012-8109
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 7d720862-463f-11e9-bdf0-000c29342cb1
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

IVD: 6618136a-2353-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-58148
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 7d720862-463f-11e9-bdf0-000c29342cb1 // IVD: 6618136a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8109 // VULHUB: VHN-58148 // JVNDB: JVNDB-2012-004162 // CNNVD: CNNVD-201209-078 // NVD: CVE-2012-4867

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-58148 // JVNDB: JVNDB-2012-004162 // NVD: CVE-2012-4867

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-078

TYPE

Path traversal

Trust: 1.0

sources: IVD: 7d720862-463f-11e9-bdf0-000c29342cb1 // IVD: 6618136a-2353-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201209-078

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004162

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-58148

PATCH

title: Top Page, url: https://www.vtiger.com/crm/

Trust: 0.8

title: Patch for vtiger CRM path traversal vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/35988

Trust: 0.6

title: vtigercrm-5.4.0, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44512

Trust: 0.6

sources: CNVD: CNVD-2012-8109 // JVNDB: JVNDB-2012-004162 // CNNVD: CNNVD-201209-078

EXTERNAL IDS

db: NVD, id: CVE-2012-4867

Trust: 3.5

db: EXPLOIT-DB, id: 18635

Trust: 1.7

db: PACKETSTORM, id: 111075

Trust: 1.7

db: CNNVD, id: CNNVD-201209-078

Trust: 1.1

db: CNVD, id: CNVD-2012-8109

Trust: 1.0

db: JVNDB, id: JVNDB-2012-004162

Trust: 0.8

db: IVD, id: 7D720862-463F-11E9-BDF0-000C29342CB1

Trust: 0.2

db: IVD, id: 6618136A-2353-11E6-ABEF-000C29C66E3D

Trust: 0.2

db: EXPLOIT-DB, id: 18770

Trust: 0.1

db: SEEBUG, id: SSVID-72808

Trust: 0.1

db: VULHUB, id: VHN-58148

Trust: 0.1

sources: IVD: 7d720862-463f-11e9-bdf0-000c29342cb1 // IVD: 6618136a-2353-11e6-abef-000c29c66e3d // CNVD: CNVD-2012-8109 // VULHUB: VHN-58148 // JVNDB: JVNDB-2012-004162 // CNNVD: CNNVD-201209-078 // NVD: CVE-2012-4867

REFERENCES

url:http://www.exploit-db.com/exploits/18635

Trust: 1.7

url:http://packetstormsecurity.org/files/111075/vtiger-5.1.0-local-file-inclusion.html

Trust: 1.7

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4867

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4867

Trust: 0.8

sources: CNVD: CNVD-2012-8109 // VULHUB: VHN-58148 // JVNDB: JVNDB-2012-004162 // CNNVD: CNNVD-201209-078 // NVD: CVE-2012-4867

SOURCES

db: IVD, id: 7d720862-463f-11e9-bdf0-000c29342cb1
db: IVD, id: 6618136a-2353-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2012-8109
db: VULHUB, id: VHN-58148
db: JVNDB, id: JVNDB-2012-004162
db: CNNVD, id: CNNVD-201209-078
db: NVD, id: CVE-2012-4867

LAST UPDATE DATE

2025-04-11T23:09:57.012000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-8109, date: 2012-09-12T00:00:00
db: VULHUB, id: VHN-58148, date: 2012-09-07T00:00:00
db: JVNDB, id: JVNDB-2012-004162, date: 2012-09-10T00:00:00
db: CNNVD, id: CNNVD-201209-078, date: 2012-09-12T00:00:00
db: NVD, id: CVE-2012-4867, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: IVD, id: 7d720862-463f-11e9-bdf0-000c29342cb1, date: 2012-09-12T00:00:00
db: IVD, id: 6618136a-2353-11e6-abef-000c29c66e3d, date: 2012-09-12T00:00:00
db: CNVD, id: CNVD-2012-8109, date: 2012-09-12T00:00:00
db: VULHUB, id: VHN-58148, date: 2012-09-06T00:00:00
db: JVNDB, id: JVNDB-2012-004162, date: 2012-09-10T00:00:00
db: CNNVD, id: CNNVD-201209-078, date: 2012-09-12T00:00:00
db: NVD, id: CVE-2012-4867, date: 2012-09-06T17:55:01.707