Lucene search

[email protected]NVD:CVE-2010-3910

HistoryNov 26, 2010 - 8:00 p.m.

CVE-2010-3910

2010-11-2620:00:03

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.2

Confidence

Low

EPSS

0.011

Percentile

84.2%

JSON

Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a … (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php.

Affected configurations

Nvd

Node

vtigervtiger_crmRange≤5.2.0

vtigervtiger_crmMatch1.0

vtigervtiger_crmMatch2.0

vtigervtiger_crmMatch2.0.1

vtigervtiger_crmMatch2.1

vtigervtiger_crmMatch3

vtigervtiger_crmMatch3.0

vtigervtiger_crmMatch3.0beta

vtigervtiger_crmMatch3.2

vtigervtiger_crmMatch4

vtigervtiger_crmMatch4beta

vtigervtiger_crmMatch4rc1

vtigervtiger_crmMatch4.0

vtigervtiger_crmMatch4.0.1

vtigervtiger_crmMatch4.2

vtigervtiger_crmMatch4.2validation

vtigervtiger_crmMatch4.2.4

vtigervtiger_crmMatch5.0.0

vtigervtiger_crmMatch5.0.2

vtigervtiger_crmMatch5.0.3

vtigervtiger_crmMatch5.0.4

vtigervtiger_crmMatch5.0.4rc

vtigervtiger_crmMatch5.1.0

vtigervtiger_crmMatch5.1.0rc

VendorProductVersionCPE
vtigervtiger_crm*cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*
vtigervtiger_crm1.0cpe:2.3:a:vtiger:vtiger_crm:1.0:*:*:*:*:*:*:*
vtigervtiger_crm2.0cpe:2.3:a:vtiger:vtiger_crm:2.0:*:*:*:*:*:*:*
vtigervtiger_crm2.0.1cpe:2.3:a:vtiger:vtiger_crm:2.0.1:*:*:*:*:*:*:*
vtigervtiger_crm2.1cpe:2.3:a:vtiger:vtiger_crm:2.1:*:*:*:*:*:*:*
vtigervtiger_crm3cpe:2.3:a:vtiger:vtiger_crm:3:*:*:*:*:*:*:*
vtigervtiger_crm3.0cpe:2.3:a:vtiger:vtiger_crm:3.0:*:*:*:*:*:*:*
vtigervtiger_crm3.0cpe:2.3:a:vtiger:vtiger_crm:3.0:beta:*:*:*:*:*:*
vtigervtiger_crm3.2cpe:2.3:a:vtiger:vtiger_crm:3.2:*:*:*:*:*:*:*
vtigervtiger_crm4cpe:2.3:a:vtiger:vtiger_crm:4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
vtiger	vtiger_crm	*	cpe:2.3:a:vtiger:vtiger_crm::::::::
vtiger	vtiger_crm	1.0	cpe:2.3:a:vtiger:vtiger_crm:1.0:::::::*
vtiger	vtiger_crm	2.0	cpe:2.3:a:vtiger:vtiger_crm:2.0:::::::*
vtiger	vtiger_crm	2.0.1	cpe:2.3:a:vtiger:vtiger_crm:2.0.1:::::::*
vtiger	vtiger_crm	2.1	cpe:2.3:a:vtiger:vtiger_crm:2.1:::::::*
vtiger	vtiger_crm	3	cpe:2.3:a:vtiger:vtiger_crm:3:::::::*
vtiger	vtiger_crm	3.0	cpe:2.3:a:vtiger:vtiger_crm:3.0:::::::*
vtiger	vtiger_crm	3.0	cpe:2.3:a:vtiger:vtiger_crm:3.0:beta::::::
vtiger	vtiger_crm	3.2	cpe:2.3:a:vtiger:vtiger_crm:3.2:::::::*
vtiger	vtiger_crm	4	cpe:2.3:a:vtiger:vtiger_crm:4:::::::*