Vtiger CRM Multiple Remote Security Vulnerabilities Network Vulnerability

Summary

Vtiger CRM is prone to an arbitrary-file-upload vulnerability, multiple local file-include vulnerabilities, and multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to upload and execute arbitrary code in the context of the webserver process, view and execute arbitrary local files within the context of the webserver process, steal cookie-based authentication information, execute arbitrary client- side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible. Vtiger CRM 5.2.0 is vulnerable other versions may also be affected.

References

http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt
http://www.vtiger.com/index.php
https://www.securityfocus.com/bid/44901

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3910
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

A Really Simple Chat Multiple XSS Vulnerabilities
Apache Struts Directory Traversal Vulnerability
Apache Struts2 showcase namespace XSS Vulnerability
Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
Apache ActiveMQ Multiple Vulnerabilities

Take action and discover your vulnerabilities