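| Metric | Value |
|---|---|
| AI Score | 7.7 High |
| AI Score Confidence | Low |
| CVSS2 | 6.4 Medium |
| Access Vector | NETWORK |
| Access Complexity | LOW |
| Authentication | NONE |
| Confidentiality Impact | PARTIAL |
| Integrity Impact | PARTIAL |
| Availability Impact | NONE |
| CVSS2 Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
| EPSS | 0.012 Low |
| EPSS Percentile | 84.9% |
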
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. (dot dot) and null byte (“%00”) sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.

| CPE | Name | Operator | Version |
|---|---|---|---|
| vtiger:vtiger_crm | vtiger vtiger crm | le | 4.2 |

marc.info/?l=full-disclosure&m=113290708121951&w=2
secunia.com/advisories/17693
securitytracker.com/id?1015271
securitytracker.com/id?1015274
www.hardened-php.net/advisory_232005.105.html
www.securityfocus.com/archive/1/417711/30/0/threaded
www.securityfocus.com/archive/1/417730/30/0/threaded
www.securityfocus.com/bid/15562
www.securityfocus.com/bid/15569
www.vupen.com/english/advisories/2005/2569