Sign-up

ID

VAR-201011-0265


CVE

CVE-2010-3910


TITLE

vtiger CRM of return_application_language Function vulnerable to directory traversal

Trust: 0.8

sources: JVNDB: JVNDB-2010-003273

DESCRIPTION

Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php. vtiger CRM of return_application_language The function contains a directory traversal vulnerability.By a third party, phprint.php To lang_crm Parameters, or fraph.php To Accouonts Import In operation current_language In the parameter .. ( Half-width period 2 One ) Via file inclusion and arbitrary local files could be executed. vtiger CRM is prone to a file-upload vulnerability. vtiger CRM is an open source web-based customer relationship management system. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42246 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42246/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42246 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42246/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42246/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42246 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in vtiger CRM, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) An error exists in the file upload functionality due to the emails module not properly checking file names and extensions. This can be exploited to upload and execute arbitrary PHP code e.g. via ".phtml" files. 2) Input passed e.g. via the "lang_crm" parameter to phprint.php or the "current_language" parameter to graph.php is not properly verified in the "return_application_language()" function in include/utils/utils.php before being used to include files. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 3) Input passed via the "user_name" and "user_password" parameters to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed via the "label" parameter to index.php (when "module" is set to "Settings" and "action" is set to "GetFieldInfo") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 5.2.0. Other versions may also be affected. SOLUTION: Update to version 5.2.1. PROVIDED AND/OR DISCOVERED BY: Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi ORIGINAL ADVISORY: vtiger CRM: http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes Giovanni Pellerano and Alessandro Tanasi: http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-3910 // JVNDB: JVNDB-2010-003273 // BID: 78763 // VULHUB: VHN-46515 // PACKETSTORM: 95988

AFFECTED PRODUCTS

vendor:vtigermodel:crmscope:eqversion:5.0.4

Trust: 1.9

vendor:vtigermodel:crmscope:eqversion:5.0.3

Trust: 1.9

vendor:vtigermodel:crmscope:eqversion:5.1.0

Trust: 1.9

vendor:vtigermodel:crmscope:eqversion:4.2

Trust: 1.9

vendor:vtigermodel:crmscope:eqversion:4

Trust: 1.9

vendor:vtigermodel:crmscope:eqversion:3.0

Trust: 1.6

vendor:vtigermodel:crmscope:eqversion:5.0.2

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:4.2.4

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:4.0.1

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:4.0

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:3.2

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:3

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:2.1

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:2.0.1

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:2.0

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:1.0

Trust: 1.3

vendor:vtigermodel:crmscope:lteversion:5.2.0

Trust: 1.0

vendor:vtigermodel:crmscope:eqversion:5.0.0

Trust: 1.0

vendor:vtigermodel:crmscope:eqversion:5.2.0

Trust: 0.9

vendor:vtigermodel:crmscope:eqversion:5

Trust: 0.9

vendor:vtigermodel:crmscope:ltversion:5.2.1

Trust: 0.8

vendor:vtigermodel:crmscope:eqversion:3.0.1

Trust: 0.3

vendor:vtigermodel:crm rcscope:eqversion:5.1.0

Trust: 0.3

vendor:vtigermodel:crm rcscope:eqversion:5.0.4

Trust: 0.3

vendor:vtigermodel:crm validationscope:eqversion:4.2

Trust: 0.3

vendor:vtigermodel:crm rc1scope:eqversion:4

Trust: 0.3

vendor:vtigermodel:crm betascope:eqversion:4

Trust: 0.3

vendor:vtigermodel:crm betascope:eqversion:3.0

Trust: 0.3

sources: BID: 78763 // JVNDB: JVNDB-2010-003273 // CNNVD: CNNVD-201011-247 // NVD: CVE-2010-3910

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3910
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-3910
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-247
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46515
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-3910
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46515
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46515 // JVNDB: JVNDB-2010-003273 // CNNVD: CNNVD-201011-247 // NVD: CVE-2010-3910

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-46515 // JVNDB: JVNDB-2010-003273 // NVD: CVE-2010-3910

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-247

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201011-247

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-003273

PATCH
title:Vtiger521:Release Notesurl:http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes
Trust: 0.8
title:vtigercrm-510-521-patchurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32061
Trust: 0.6
title:vtigercrm-5.2.1url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32060
Trust: 0.6
title:vtigercrm-5.2.1url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32059
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2010-003273 // 
            
            
            
            CNNVD: CNNVD-201011-247

EXTERNAL IDS
db:NVDid:CVE-2010-3910
Trust: 2.9
db:SECUNIAid:42246
Trust: 1.8
db:JVNDBid:JVNDB-2010-003273
Trust: 0.8
db:CNNVDid:CNNVD-201011-247
Trust: 0.7
db:BUGTRAQid:20101116 VTIGER CRM 5.2.0 MULTIPLE VULNERABILITIES
Trust: 0.6
db:BIDid:78763
Trust: 0.4
db:VULHUBid:VHN-46515
Trust: 0.1
db:PACKETSTORMid:95988
Trust: 0.1
db:PACKETSTORMid:95931
Trust: 0.1
sources:
            
            
            VULHUB: VHN-46515 // 
            
            
            
            BID: 78763 // 
            
            
            
            JVNDB: JVNDB-2010-003273 // 
            
            
            
            PACKETSTORM: 95988 // 
            
            
            
            PACKETSTORM: 95931 // 
            
            
            
            CNNVD: CNNVD-201011-247 // 
            
            
            
            NVD: CVE-2010-3910

REFERENCES
url:http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt
Trust: 2.2
url:http://wiki.vtiger.com/index.php/vtiger521:release_notes
Trust: 2.1
url:http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/
Trust: 2.0
url:http://secunia.com/advisories/42246
Trust: 1.7
url:http://www.securityfocus.com/archive/1/514846/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/archive/1/514846/100/0/threaded
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3910
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3910
Trust: 0.8
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/42246/#comments
Trust: 0.1
url:http://secunia.com/advisories/42246/
Trust: 0.1
url:http://secunia.com/products/corporate/vim/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42246
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3909
Trust: 0.1
url:http://www.tanasi.it/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3911
Trust: 0.1
url:http://www.vtigercrm.com
Trust: 0.1
url:http://127.0.0.1/vtigercrm/index.php?module=users&action=login&default_user_name
Trust: 0.1
url:http://127.0.0.1/vtigercrm/graph.php?current_language=/../[..]/../
Trust: 0.1
url:http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
Trust: 0.1
url:http://www.ush.it/,
Trust: 0.1
url:http://www.evilaliv3.org/
Trust: 0.1
url:http://secunia.com/
Trust: 0.1
url:http://127.0.0.1/vtigercrm/phprint.php?lang_crm=/../[..]/../
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3910
Trust: 0.1
url:http://127.0.0.1/vtigercrm/index.php?module=settings&action=getfieldinfo&label
Trust: 0.1
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.1
sources:
            
            
            VULHUB: VHN-46515 // 
            
            
            
            BID: 78763 // 
            
            
            
            JVNDB: JVNDB-2010-003273 // 
            
            
            
            PACKETSTORM: 95988 // 
            
            
            
            PACKETSTORM: 95931 // 
            
            
            
            CNNVD: CNNVD-201011-247 // 
            
            
            
            NVD: CVE-2010-3910

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 78763

SOURCES
db:VULHUBid:VHN-46515
db:BIDid:78763
db:JVNDBid:JVNDB-2010-003273
db:PACKETSTORMid:95988
db:PACKETSTORMid:95931
db:CNNVDid:CNNVD-201011-247
db:NVDid:CVE-2010-3910

LAST UPDATE DATE
2025-04-11T23:04:23.889000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-46515date:2018-10-30T00:00:00
db:BIDid:78763date:2010-11-26T00:00:00
db:JVNDBid:JVNDB-2010-003273date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201011-247date:2010-11-30T00:00:00
db:NVDid:CVE-2010-3910date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-46515date:2010-11-26T00:00:00
db:BIDid:78763date:2010-11-26T00:00:00
db:JVNDBid:JVNDB-2010-003273date:2012-03-27T00:00:00
db:PACKETSTORMid:95988date:2010-11-19T06:21:45
db:PACKETSTORMid:95931date:2010-11-18T00:23:11
db:CNNVDid:CNNVD-201011-247date:2010-11-30T00:00:00
db:NVDid:CVE-2010-3910date:2010-11-26T20:00:03.940