Lucene search

[email protected]CVE-2005-3823

HistoryNov 26, 2005 - 2:03 a.m.

CVE-2005-3823

2005-11-2602:03:00

[email protected]

web.nvd.nist.gov

vtiger crm

users module

remote code execution

arbitrary file

templatename parameter

eval function

cve-2005-3823

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%

JSON

The Users module in vTiger CRM 4.2 and earlier allows remote attackers to execute arbitrary PHP code via an arbitrary file in the templatename parameter, which is passed to the eval function.

Affected configurations

NVD

Node

vtigervtiger_crmRange≤4.2

CPENameOperatorVersion
vtiger:vtiger_crmvtiger vtiger crmle4.2

CPE	Name	Operator	Version
vtiger:vtiger_crm	vtiger vtiger crm	le	4.2

References

marc.info/?l=full-disclosure&m=113290708121951&w=2

secunia.com/advisories/17693

securitytracker.com/id?1015274

www.securityfocus.com/archive/1/417711/30/0/threaded

www.securityfocus.com/bid/15569

www.vupen.com/english/advisories/2005/2569

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.019 Low

EPSS

Percentile

88.6%

JSON

Related for CVE-2005-3823

cvelist1 nvd1 nessus1 openvas1