ID

VAR-202001-0885

CVE

CVE-2013-3212

TITLE

vtiger CRM  Vulnerability in injection

DESCRIPTION

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code. vtiger CRM Contains an injection vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. vtiger CRM is prone to multiple local file-include vulnerabilities because it fails to properly sanitize user-supplied input. This may allow the attacker to compromise the application; other attacks are also possible. vtiger CRM 5.4.0 and prior are vulnerable. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability comes from the fact that the program does not properly filter the input submitted by the user. --------------------------------------------------------------------------------- vtiger CRM <= 5.4.0 (customerportal.php) Two Local File Inclusion Vulnerabilities --------------------------------------------------------------------------------- [-] Software Link: http://www.vtiger.com/ [-] Affected Versions: [1] All versions from 5.1.0 to 5.4.0. [2] All versions from 5.2.0 to 5.4.0. [-] Vulnerability Description: 1) The vulnerable code is located in the get_list_values SOAP method defined in /soap/customerportal.php: 1528. function get_list_values($id,$module,$sessionid,$only_mine='true') 1529. { 1530. require_once('modules/'.$module.'/'.$module.'.php'); 1531. require_once('include/utils/UserInfoUtil.php'); 1532. global $adb,$log,$current_user; 1533. $log->debug("Entering customer portal function get_list_values"); 2) The vulnerable code is located in the get_project_components SOAP method defined in /soap/customerportal.php: 2778. function get_project_components($id,$module,$customerid,$sessionid) { 2779. require_once("modules/$module/$module.php"); 2780. require_once('include/utils/UserInfoUtil.php'); 2781. 2782. global $adb,$log; 2783. $log->debug("Entering customer portal function get_project_components .."); The vulnerabilities exist because these methods fail to properly validate input passed through the "module" parameter, that is being used in a call to the require_once() function (lines 1530 and 2779). This might be exploited to include arbitrary local files containing malicious PHP code. Successful exploitation of these vulnerabilities requires the application running on PHP < 5.3.4, because a null byte injection is required. [-] Solution: Apply the vendor patch:http://www.vtiger.com/blogs/?p=1467 [-] Disclosure Timeline: [13/01/2013] - Vendor notified [06/02/2013] - Vendor asked feedback abouthttp://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848 [05/03/2013] - Feedback provided to the vendor [26/03/2013] - Vendor patch released [18/04/2013] - CVE number requested [20/04/2013] - CVE number assigned [01/08/2013] - Public disclosure [-] CVE Reference: The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3212 to these vulnerabilities. [-] Credits: Vulnerabilities discovered by Egidio Romano. [-] Original Advisory: http://karmainsecurity.com/KIS-2013-05

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

injection

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Egidio Romano

SOURCES

LAST UPDATE DATE

2024-08-14T13:25:07.625000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE