CVE-2010-3909:vtiger_crm: Incomplete blacklist vulnerability in config.templa...

VRDA Feed by

Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis

[ about VRDA Feed | JPCERT/CC ]

Vulnerability Analysis Result (Revision No : 1)

[ Download XML ]

CVE-2010-3909

vtiger_crm: Incomplete blacklist vulnerability in config.templa...

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3909

Original

Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.

Translation (Show)

About This Analysis Information

Analysis Information Provider:

NIST NVD

First Published:

2010-11-26

Source Information Category:

Advisory, Alert

Last Updated:

2010-11-29

Affected Product Tags

cpe:/a:vtiger:vtiger_crm

cpe:/a:vtiger:vtiger_crm:1.0

cpe:/a:vtiger:vtiger_crm:2.0

cpe:/a:vtiger:vtiger_crm:2.0.1

cpe:/a:vtiger:vtiger_crm:2.1

cpe:/a:vtiger:vtiger_crm:3

cpe:/a:vtiger:vtiger_crm:3.0

cpe:/a:vtiger:vtiger_crm:3.0:beta

cpe:/a:vtiger:vtiger_crm:3.2

cpe:/a:vtiger:vtiger_crm:4

cpe:/a:vtiger:vtiger_crm:4.0

cpe:/a:vtiger:vtiger_crm:4.0.1

cpe:/a:vtiger:vtiger_crm:4.2

cpe:/a:vtiger:vtiger_crm:4.2.4

cpe:/a:vtiger:vtiger_crm:4.2::validation

cpe:/a:vtiger:vtiger_crm:4:beta

cpe:/a:vtiger:vtiger_crm:4:rc1

cpe:/a:vtiger:vtiger_crm:5

cpe:/a:vtiger:vtiger_crm:5.0.2

cpe:/a:vtiger:vtiger_crm:5.0.3

cpe:/a:vtiger:vtiger_crm:5.0.4

cpe:/a:vtiger:vtiger_crm:5.0.4:rc

cpe:/a:vtiger:vtiger_crm:5.1.0

cpe:/a:vtiger:vtiger_crm:5.1.0:rc

cpe:/a:vtiger:vtiger_crm:5.2.0 and previous versions

Vulnerability Analysis Results

[Access Vector] ^[?]

Undefined^[?]

Local^[?]

Adjacent Network^[?]

Network^[?]

[Access Complexit] ^[?]

Undefined^[?]

High^[?]

Medium^[?]

Low^[?]

[Authentication] ^[?]

Undefined^[?]

Multiple^[?]

Single^[?]

None^[?]

[Confidentiality Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Integrity Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

[Availability Impact] ^[?]

Undefined^[?]

None^[?]

Partial^[?]

Complete^[?]

Alternatives

References

BUGTRAQ 20101116 Vtiger CRM 5.2.0 Multiple Vulnerabilities

MISC http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt

MISC http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes

MISC http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/

SECUNIA 42246

Vulnerability Type Code Injection (CWE-94)Other (NVD-CWE-Other)