Lucene search

[email protected]CVE-2005-3820

HistoryNov 26, 2005 - 2:03 a.m.

CVE-2005-3820

2005-11-2602:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-3820

vtiger crm

directory traversal

vulnerability

remote code execution

nvd

7.7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.012 Low

EPSS

Percentile

84.9%

JSON

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via … (dot dot) and null byte (“%00”) sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.

CPENameOperatorVersion
vtiger:vtiger_crmvtiger vtiger crmle4.2

CPE	Name	Operator	Version
vtiger:vtiger_crm	vtiger vtiger crm	le	4.2

References

marc.info/?l=full-disclosure&m=113290708121951&w=2

secunia.com/advisories/17693

securitytracker.com/id?1015271

securitytracker.com/id?1015274

www.hardened-php.net/advisory_232005.105.html

www.securityfocus.com/archive/1/417711/30/0/threaded

www.securityfocus.com/archive/1/417730/30/0/threaded

www.securityfocus.com/bid/15562

www.securityfocus.com/bid/15569

www.vupen.com/english/advisories/2005/2569

7.7 High

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.012 Low

EPSS

Percentile

84.9%

JSON

Related for CVE-2005-3820

cvelist1 nessus1 openvas1