ID
VAR-190001-0980
TITLE
vtiger CRM 'class.phpmailer.php' Remote Code Execution Vulnerability
Trust: 0.9
sources:
BID: 49946 //
CNNVD: CNNVD-201110-301
DESCRIPTION
vtiger CRM is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. vtiger CRM 5.2.1 is vulnerable; other versions may also be affected.
Trust: 0.3
sources:
BID: 49946
AFFECTED PRODUCTS
| vendor: | vtiger | model: | crm | scope: | eq | version: | 5.2.1 | Trust: 0.3 |
sources:
BID: 49946
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201110-301
TYPE
input validation
Trust: 0.6
sources:
CNNVD: CNNVD-201110-301
EXTERNAL IDS
| db: | BID | id: | 49946 | Trust: 0.9 |
| db: | CNNVD | id: | CNNVD-201110-301 | Trust: 0.6 |
sources:
BID: 49946 //
CNNVD: CNNVD-201110-301
REFERENCES
| url: | http://www.securityfocus.com/bid/49946 | Trust: 0.6 |
| url: | http://seclists.org/fulldisclosure/2011/oct/223 | Trust: 0.3 |
| url: | http://www.vtiger.com/ | Trust: 0.3 |
sources:
BID: 49946 //
CNNVD: CNNVD-201110-301
CREDITS
Aung Khant
Trust: 0.9
sources:
BID: 49946 //
CNNVD: CNNVD-201110-301
SOURCES
| db: | BID | id: | 49946 |
| db: | CNNVD | id: | CNNVD-201110-301 |
LAST UPDATE DATE
2022-05-17T02:06:55.751000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 49946 | date: | 2011-10-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201110-301 | date: | 2011-10-18T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 49946 | date: | 2011-10-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-201110-301 | date: | 1900-01-01T00:00:00 |