Vtiger CRM Multiple Input Validation Vulnerabilities Network Vulnerability

Summary

vtiger CRM is prone to multiple input-validation vulnerabilities: - A remote PHP code-execution vulnerability - Multiple local file-include vulnerabilities - A cross-site scripting vulnerability - Multiple cross-site request-forgery vulnerabilities Attackers can exploit these issues to execute arbitrary script code within the context of the webserver, perform unauthorized actions, compromise the affected application, steal cookie-based authentication credentials, or obtain information that could aid in further attacks. The issues affect vtiger CRM 5.0.4 other versions may also be affected.

Solution

Reportedly, the vendor fixed some of the issues in the latest release, but Symantec has not confirmed this information.

References

http://www.securityfocus.com/archive/1/505834
http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
http://www.vtiger.com/
https://www.securityfocus.com/bid/36062

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3247
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apache Struts Showcase Multiple Persistence Cross-Site Scripting Vulnerabilities
Apache Subversion Module Metadata Accessible
Allaire JRun directory browsing vulnerability
Apple Safari Multiple Vulnerabilities
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability

vtiger CRM Multiple Input Validation Vulnerabilities

Take action and discover your vulnerabilities