Lucene search

[email protected]NVD:CVE-2010-3909

HistoryNov 26, 2010 - 8:00 p.m.

CVE-2010-3909

2010-11-2620:00:03

CWE-94

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

7.3

Confidence

Low

EPSS

0.01

Percentile

84.2%

JSON

Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.

Affected configurations

Nvd

Node

vtigervtiger_crm

vtigervtiger_crmRange≤5.2.0

vtigervtiger_crmMatch1.0

vtigervtiger_crmMatch2.0

vtigervtiger_crmMatch2.0.1

vtigervtiger_crmMatch2.1

vtigervtiger_crmMatch3

vtigervtiger_crmMatch3.0

vtigervtiger_crmMatch3.0beta

vtigervtiger_crmMatch3.2

vtigervtiger_crmMatch4

vtigervtiger_crmMatch4beta

vtigervtiger_crmMatch4rc1

vtigervtiger_crmMatch4.0

vtigervtiger_crmMatch4.0.1

vtigervtiger_crmMatch4.2

vtigervtiger_crmMatch4.2validation

vtigervtiger_crmMatch4.2.4

vtigervtiger_crmMatch5.0.0

vtigervtiger_crmMatch5.0.2

vtigervtiger_crmMatch5.0.3

vtigervtiger_crmMatch5.0.4

vtigervtiger_crmMatch5.0.4rc

vtigervtiger_crmMatch5.1.0

vtigervtiger_crmMatch5.1.0rc

VendorProductVersionCPE
vtigervtiger_crm*cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*
vtigervtiger_crm1.0cpe:2.3:a:vtiger:vtiger_crm:1.0:*:*:*:*:*:*:*
vtigervtiger_crm2.0cpe:2.3:a:vtiger:vtiger_crm:2.0:*:*:*:*:*:*:*
vtigervtiger_crm2.0.1cpe:2.3:a:vtiger:vtiger_crm:2.0.1:*:*:*:*:*:*:*
vtigervtiger_crm2.1cpe:2.3:a:vtiger:vtiger_crm:2.1:*:*:*:*:*:*:*
vtigervtiger_crm3cpe:2.3:a:vtiger:vtiger_crm:3:*:*:*:*:*:*:*
vtigervtiger_crm3.0cpe:2.3:a:vtiger:vtiger_crm:3.0:*:*:*:*:*:*:*
vtigervtiger_crm3.0cpe:2.3:a:vtiger:vtiger_crm:3.0:beta:*:*:*:*:*:*
vtigervtiger_crm3.2cpe:2.3:a:vtiger:vtiger_crm:3.2:*:*:*:*:*:*:*
vtigervtiger_crm4cpe:2.3:a:vtiger:vtiger_crm:4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vtiger	vtiger_crm	*	cpe:2.3:a:vtiger:vtiger_crm::::::::
vtiger	vtiger_crm	1.0	cpe:2.3:a:vtiger:vtiger_crm:1.0:::::::*
vtiger	vtiger_crm	2.0	cpe:2.3:a:vtiger:vtiger_crm:2.0:::::::*
vtiger	vtiger_crm	2.0.1	cpe:2.3:a:vtiger:vtiger_crm:2.0.1:::::::*
vtiger	vtiger_crm	2.1	cpe:2.3:a:vtiger:vtiger_crm:2.1:::::::*
vtiger	vtiger_crm	3	cpe:2.3:a:vtiger:vtiger_crm:3:::::::*
vtiger	vtiger_crm	3.0	cpe:2.3:a:vtiger:vtiger_crm:3.0:::::::*
vtiger	vtiger_crm	3.0	cpe:2.3:a:vtiger:vtiger_crm:3.0:beta::::::
vtiger	vtiger_crm	3.2	cpe:2.3:a:vtiger:vtiger_crm:3.2:::::::*
vtiger	vtiger_crm	4	cpe:2.3:a:vtiger:vtiger_crm:4:::::::*