VTiger Multiple Flaw Network Vulnerability

Summary

The remote web server contains a PHP application that is affected by multiple flaws. Description: The remote version of this software is prone to arbitrary code execution, directory traversal, SQL injection (allowing authentication bypass), cross-site scripting attacks.

Solution

Upgrade to vtiger 4.5 alpha 2 or later.

References

http://www.hardened-php.net/advisory_232005.105.html
http://www.sec-consult.com/231.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-3818, CVE-2005-3819, CVE-2005-3820, CVE-2005-3821, CVE-2005-3822, CVE-2005-3823, CVE-2005-3824
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
Adiscon LogAnalyzer Multiple SQL Injection and XSS Vulnerabilities
Alcatel-Lucent OmniPCX Enterprise Remote Command Execution Vulnerability
Apache Struts2 Redirection and Security Bypass Vulnerabilities
A Really Simple Chat Multiple SQL Injection Vulnerabilities

vTiger multiple flaw

Take action and discover your vulnerabilities