Details of VAR-202404-2329

ID

VAR-202404-2329

CVE

CVE-2023-46304

TITLE

Vtiger of Vtiger CRM Injection vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-028748

DESCRIPTION

modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load). Vtiger of Vtiger CRM There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2023-46304 // JVNDB: JVNDB-2023-028748

AFFECTED PRODUCTS

vendor:	vtiger	model:	crm	scope:	eq	version:	7.5.0	Trust: 1.8
vendor:	vtiger	model:	crm	scope:	-	version:	-	Trust: 0.8
vendor:	vtiger	model:	crm	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-028748 // NVD: CVE-2023-46304

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2023-46304
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2023-028748
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2023-46304
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2023-028748
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-028748 // NVD: CVE-2023-46304

PROBLEMTYPE DATA

problemtype:	CWE-74	Trust: 1.0
problemtype:	injection (CWE-74) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-028748 // NVD: CVE-2023-46304

EXTERNAL IDS

db:	NVD	id:	CVE-2023-46304	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-028748	Trust: 0.8

sources: JVNDB: JVNDB-2023-028748 // NVD: CVE-2023-46304

REFERENCES

url:	https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/modules/users/models/module.php	Trust: 1.8
url:	https://code.vtiger.com/vtiger/vtigercrm/-/commit/317f9ca88b6bbded11058f20a1d232717c360d43	Trust: 1.8
url:	https://github.com/jselliott/cve-2023-46304	Trust: 1.8
url:	https://www.vtiger.com/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2023-46304	Trust: 0.8

sources: JVNDB: JVNDB-2023-028748 // NVD: CVE-2023-46304

SOURCES

db:	JVNDB	id:	JVNDB-2023-028748
db:	NVD	id:	CVE-2023-46304

LAST UPDATE DATE

2025-04-25T01:55:54.465000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-028748	date:	2025-04-23T02:25:00
db:	NVD	id:	CVE-2023-46304	date:	2025-04-22T17:53:58.067

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-028748	date:	2025-04-23T00:00:00
db:	NVD	id:	CVE-2023-46304	date:	2024-04-30T13:15:46.763