Added: 01/10/2014
CVE: CVE-2013-3214
BID: 61558
OSVDB: 95902
vTiger CRM is a customer relationship management application written in PHP.
An arbitrary file upload vulnerability when handling SOAP AddEmailAttachment requests allows remote attackers to execute arbitrary commands by uploading PHP scripts under the web root.
Upgrade to version 6.0 when available, or apply the patch. Note that the patch only prevents exploitation by unauthenticated attackers.
<http://seclists.org/bugtraq/2013/Aug/7>
Exploit works on vTiger CRM 5.4.0.