Lucene search

PRIOn knowledge basePRION:CVE-2010-3909

HistoryNov 26, 2010 - 8:00 p.m.

Design/Logic Flaw

2010-11-2620:00:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.0%

JSON

Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.

CPENameOperatorVersion
vtiger_crmeq3
vtiger_crmeq5.0.3
vtiger_crmle5.2.0
vtiger_crmeq5.1.0
vtiger_crmeq2.0.1
vtiger_crmeq2.0
vtiger_crmeq4.2
vtiger_crmeq4.2 validation
vtiger_crmeq5.0.4
vtiger_crmeq2.1

Name	Operator	Version
vtiger_crm	eq	3
vtiger_crm	eq	5.0.3
vtiger_crm	le	5.2.0
vtiger_crm	eq	5.1.0
vtiger_crm	eq	2.0.1
vtiger_crm	eq	2.0
vtiger_crm	eq	4.2
vtiger_crm	eq	4.2 validation
vtiger_crm	eq	5.0.4
vtiger_crm	eq	2.1

Rows per page:

1-10 of 241

References

secunia.com/advisories/42246

vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/

wiki.vtiger.com/index.php/Vtiger521:Release_Notes

www.securityfocus.com/archive/1/514846/100/0/threaded

www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt

7.8 High

AI Score

Confidence

Low

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

85.0%

JSON

Related for PRION:CVE-2010-3909