Sign-up

ID

VAR-200609-0075


CVE

CVE-2006-4617


TITLE

vtiger CRM of fileupload.html Vulnerable to uploading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2006-003122

DESCRIPTION

Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder

Trust: 1.71

sources: NVD: CVE-2006-4617 // JVNDB: JVNDB-2006-003122 // VULHUB: VHN-20725

AFFECTED PRODUCTS

vendor:vtigermodel:crmscope:lteversion:4.2.4

Trust: 1.8

vendor:vtigermodel:crmscope:eqversion:4.2.4

Trust: 0.6

sources: JVNDB: JVNDB-2006-003122 // CNNVD: CNNVD-200609-055 // NVD: CVE-2006-4617

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-4617
value: HIGH

Trust: 1.0

NVD: CVE-2006-4617
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200609-055
value: HIGH

Trust: 0.6

VULHUB: VHN-20725
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-4617
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-20725
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-20725 // JVNDB: JVNDB-2006-003122 // CNNVD: CNNVD-200609-055 // NVD: CVE-2006-4617

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-4617

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200609-055

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200609-055

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-003122

PATCH
title:vtiger CRMurl:https://www.vtiger.com/crm/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-003122

EXTERNAL IDS
db:NVDid:CVE-2006-4617
Trust: 2.5
db:OSVDBid:28459
Trust: 1.7
db:JVNDBid:JVNDB-2006-003122
Trust: 0.8
db:CNNVDid:CNNVD-200609-055
Trust: 0.7
db:VULHUBid:VHN-20725
Trust: 0.1
sources:
            
            
            VULHUB: VHN-20725 // 
            
            
            
            JVNDB: JVNDB-2006-003122 // 
            
            
            
            CNNVD: CNNVD-200609-055 // 
            
            
            
            NVD: CVE-2006-4617

REFERENCES
url:http://www.security-net.biz/adv/d3906a.txt
Trust: 1.7
url:http://www.osvdb.org/28459
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4617
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4617
Trust: 0.8
sources:
            
            
            VULHUB: VHN-20725 // 
            
            
            
            JVNDB: JVNDB-2006-003122 // 
            
            
            
            CNNVD: CNNVD-200609-055 // 
            
            
            
            NVD: CVE-2006-4617

SOURCES
db:VULHUBid:VHN-20725
db:JVNDBid:JVNDB-2006-003122
db:CNNVDid:CNNVD-200609-055
db:NVDid:CVE-2006-4617

LAST UPDATE DATE
2024-08-14T15:20:01.277000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-20725date:2008-09-05T00:00:00
db:JVNDBid:JVNDB-2006-003122date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200609-055date:2006-09-08T00:00:00
db:NVDid:CVE-2006-4617date:2008-09-05T21:10:09.613

SOURCES RELEASE DATE
db:VULHUBid:VHN-20725date:2006-09-07T00:00:00
db:JVNDBid:JVNDB-2006-003122date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200609-055date:2006-09-06T00:00:00
db:NVDid:CVE-2006-4617date:2006-09-07T00:04:00