11 matches found
CVE-2015-6000
CVE-2015-6000 refers to an unrestricted file upload vulnerability in Vtiger CRM (Settings_Vtiger_CompanyDetailsSave_Action in modules/Settings/Vtiger/actions/CompanyDetailsSave.php) affecting Vtiger CRM 6.3.0 and earlier. The issue allows remote authenticated users to execute arbitrary code by up...
Vtiger CRM 6.3.0 Authenticated Logo Upload Remote Command Execution Exploit
Vtiger version 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against vTiger CRM versi...
CVE-2015-6000
creationtimestamp | type | source
---|---|---
2018-07-30 17:42:41+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vtigerlogouploadexec.rb
2025-02-06 03:13:42+00:00 | seen | MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:09:41+00:00 | seen | ...
Vtiger CRM - Authenticated Logo Upload RCE
Vtiger 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against vTiger CRM v6.3.0. This module...
Unrestricted file upload
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then...
CVE-2016-1713
CVE-2016-1713 concerns Vtiger CRM 6.4.0 where an unrestricted file upload in Settings_Vtiger_CompanyDetailsSave_Action (modules/Settings/Vtiger/actions/CompanyDetailsSave.php) lets a remote authenticated user upload a crafted image with an executable extension and access it via test/logo/ to exec...
Vtiger CRM Authenticated Remote Code Execution (CVE-2015-6000)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vtiger CRM Authenticated Remote Code Execution CVE-2015-6000 http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html 1. Summary 2. Vulnerability Details 3. Exploitation / Proof of Concept 4. Timeline 5. See Also 1. Summary Vtiger CRM...
Vtiger CRM 6.3 Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Vtiger CRM Authenticated Remote Code Execution CVE-2015-6000 1. Summary 2. Vulnerability Details 3. Exploitation / Proof of Concept 4. Timeline 5. See Also 1. Summary Vtiger CRM is a CRM application. Vtiger CRM version 6.3 “Open Source” branch; releas...
vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution
vTiger CRM 6.3.0 - Authenticated Remote Code Execution -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Exploit Title: Vtiger CRM = 6.3.0 Authenticated Remote Code Execution Date: 2015-09-28 Exploit Author: Benjamin Daniel Mussler Vendor Homepage: https://www.vtiger.com Software Link:...
Vtiger CRM 6.3.0 Authenticated Remote Code Execution
Exploit for php platform in category web applications Exploit Title: Vtiger CRM = 6.3.0 Authenticated Remote Code Execution Date: 2015-09-28 Exploit Author: Benjamin Daniel Mussler Vendor Homepage: https://www.vtiger.com Software Link: https://www.vtiger.com/open-source-downloads/ Version: 6.3.0...
vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Exploit Title: Vtiger CRM = 6.3.0 Authenticated Remote Code Execution Date: 2015-09-28 Exploit Author: Benjamin Daniel Mussler Vendor Homepage: https://www.vtiger.com Software Link: https://www.vtiger.com/open-source-downloads/ Version: 6.3.0 and lowe...