Sign-up

ID

VAR-201011-0266


CVE

CVE-2010-3911


TITLE

vtiger CRM Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2010-003274

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php. vtiger CRM is prone to a cross-site scripting vulnerability. vtiger CRM is an open source web-based customer relationship management system. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: vtiger CRM Multiple Vulnerabilities SECUNIA ADVISORY ID: SA42246 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42246/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42246 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42246/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42246/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42246 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Some vulnerabilities have been discovered in vtiger CRM, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks and disclose sensitive information. 1) An error exists in the file upload functionality due to the emails module not properly checking file names and extensions. This can be exploited to upload and execute arbitrary PHP code e.g. via ".phtml" files. 2) Input passed e.g. via the "lang_crm" parameter to phprint.php or the "current_language" parameter to graph.php is not properly verified in the "return_application_language()" function in include/utils/utils.php before being used to include files. This can be exploited to include arbitrary file from local resources via directory traversal sequences and URL-encoded NULL bytes. Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. 3) Input passed via the "user_name" and "user_password" parameters to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 4) Input passed via the "label" parameter to index.php (when "module" is set to "Settings" and "action" is set to "GetFieldInfo") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. The vulnerabilities are confirmed in version 5.2.0. Other versions may also be affected. SOLUTION: Update to version 5.2.1. PROVIDED AND/OR DISCOVERED BY: Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi ORIGINAL ADVISORY: vtiger CRM: http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes Giovanni Pellerano and Alessandro Tanasi: http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2010-3911 // JVNDB: JVNDB-2010-003274 // BID: 73791 // VULHUB: VHN-46516 // PACKETSTORM: 95988

AFFECTED PRODUCTS

vendor:vtigermodel:crmscope:eqversion:5.0.4

Trust: 1.9

vendor:vtigermodel:crmscope:eqversion:5.0.3

Trust: 1.9

vendor:vtigermodel:crmscope:eqversion:5.1.0

Trust: 1.9

vendor:vtigermodel:crmscope:eqversion:4.2

Trust: 1.9

vendor:vtigermodel:crmscope:eqversion:4.0.1

Trust: 1.9

vendor:vtigermodel:crmscope:eqversion:4.0

Trust: 1.9

vendor:vtigermodel:crmscope:eqversion:3.0

Trust: 1.6

vendor:vtigermodel:crmscope:eqversion:5.0.2

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:4.2.4

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:4

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:3.2

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:3

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:2.1

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:2.0.1

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:2.0

Trust: 1.3

vendor:vtigermodel:crmscope:eqversion:1.0

Trust: 1.3

vendor:vtigermodel:crmscope:lteversion:5.2.0

Trust: 1.0

vendor:vtigermodel:crmscope:eqversion:5.0.0

Trust: 1.0

vendor:vtigermodel:crmscope:eqversion:5.2.0

Trust: 0.9

vendor:vtigermodel:crmscope:eqversion:5

Trust: 0.9

vendor:vtigermodel:crmscope:ltversion:5.2.1

Trust: 0.8

vendor:vtigermodel:crmscope:eqversion:3.0.1

Trust: 0.3

vendor:vtigermodel:crm rcscope:eqversion:5.1.0

Trust: 0.3

vendor:vtigermodel:crm validationscope:eqversion:4.2

Trust: 0.3

vendor:vtigermodel:crm rc1scope:eqversion:4

Trust: 0.3

vendor:vtigermodel:crm betascope:eqversion:4

Trust: 0.3

vendor:vtigermodel:crm betascope:eqversion:3.0

Trust: 0.3

sources: BID: 73791 // JVNDB: JVNDB-2010-003274 // CNNVD: CNNVD-201011-246 // NVD: CVE-2010-3911

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-3911
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-3911
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201011-246
value: MEDIUM

Trust: 0.6

VULHUB: VHN-46516
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-3911
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-46516
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-46516 // JVNDB: JVNDB-2010-003274 // CNNVD: CNNVD-201011-246 // NVD: CVE-2010-3911

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-46516 // JVNDB: JVNDB-2010-003274 // NVD: CVE-2010-3911

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201011-246

TYPE

xss

Trust: 0.7

sources: PACKETSTORM: 95988 // CNNVD: CNNVD-201011-246

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-003274

PATCH
title:Vtiger521:Release Notesurl:http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes
Trust: 0.8
title:vtigercrm-510-521-patchurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32061
Trust: 0.6
title:vtigercrm-5.2.1url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32060
Trust: 0.6
title:vtigercrm-5.2.1url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32059
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2010-003274 // 
            
            
            
            CNNVD: CNNVD-201011-246

EXTERNAL IDS
db:NVDid:CVE-2010-3911
Trust: 2.9
db:SECUNIAid:42246
Trust: 1.8
db:JVNDBid:JVNDB-2010-003274
Trust: 0.8
db:CNNVDid:CNNVD-201011-246
Trust: 0.7
db:BUGTRAQid:20101116 VTIGER CRM 5.2.0 MULTIPLE VULNERABILITIES
Trust: 0.6
db:BIDid:73791
Trust: 0.4
db:VULHUBid:VHN-46516
Trust: 0.1
db:PACKETSTORMid:95988
Trust: 0.1
db:PACKETSTORMid:95931
Trust: 0.1
sources:
            
            
            VULHUB: VHN-46516 // 
            
            
            
            BID: 73791 // 
            
            
            
            JVNDB: JVNDB-2010-003274 // 
            
            
            
            PACKETSTORM: 95988 // 
            
            
            
            PACKETSTORM: 95931 // 
            
            
            
            CNNVD: CNNVD-201011-246 // 
            
            
            
            NVD: CVE-2010-3911

REFERENCES
url:http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt
Trust: 2.2
url:http://wiki.vtiger.com/index.php/vtiger521:release_notes
Trust: 2.1
url:http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/
Trust: 2.0
url:http://secunia.com/advisories/42246
Trust: 1.7
url:http://www.securityfocus.com/archive/1/514846/100/0/threaded
Trust: 1.1
url:http://www.securityfocus.com/archive/1/archive/1/514846/100/0/threaded
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3911
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3911
Trust: 0.8
url:http://secunia.com/products/corporate/evm/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/42246/#comments
Trust: 0.1
url:http://secunia.com/advisories/42246/
Trust: 0.1
url:http://secunia.com/products/corporate/vim/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42246
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3909
Trust: 0.1
url:http://www.tanasi.it/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3911
Trust: 0.1
url:http://www.vtigercrm.com
Trust: 0.1
url:http://127.0.0.1/vtigercrm/index.php?module=users&action=login&default_user_name
Trust: 0.1
url:http://127.0.0.1/vtigercrm/graph.php?current_language=/../[..]/../
Trust: 0.1
url:http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt
Trust: 0.1
url:http://www.ush.it/,
Trust: 0.1
url:http://www.evilaliv3.org/
Trust: 0.1
url:http://secunia.com/
Trust: 0.1
url:http://127.0.0.1/vtigercrm/phprint.php?lang_crm=/../[..]/../
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2010-3910
Trust: 0.1
url:http://127.0.0.1/vtigercrm/index.php?module=settings&action=getfieldinfo&label
Trust: 0.1
url:http://lists.grok.org.uk/full-disclosure-charter.html
Trust: 0.1
sources:
            
            
            VULHUB: VHN-46516 // 
            
            
            
            BID: 73791 // 
            
            
            
            JVNDB: JVNDB-2010-003274 // 
            
            
            
            PACKETSTORM: 95988 // 
            
            
            
            PACKETSTORM: 95931 // 
            
            
            
            CNNVD: CNNVD-201011-246 // 
            
            
            
            NVD: CVE-2010-3911

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 73791

SOURCES
db:VULHUBid:VHN-46516
db:BIDid:73791
db:JVNDBid:JVNDB-2010-003274
db:PACKETSTORMid:95988
db:PACKETSTORMid:95931
db:CNNVDid:CNNVD-201011-246
db:NVDid:CVE-2010-3911

LAST UPDATE DATE
2025-04-11T23:04:23.931000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-46516date:2018-10-30T00:00:00
db:BIDid:73791date:2010-11-26T00:00:00
db:JVNDBid:JVNDB-2010-003274date:2012-03-27T00:00:00
db:CNNVDid:CNNVD-201011-246date:2010-11-30T00:00:00
db:NVDid:CVE-2010-3911date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-46516date:2010-11-26T00:00:00
db:BIDid:73791date:2010-11-26T00:00:00
db:JVNDBid:JVNDB-2010-003274date:2012-03-27T00:00:00
db:PACKETSTORMid:95988date:2010-11-19T06:21:45
db:PACKETSTORMid:95931date:2010-11-18T00:23:11
db:CNNVDid:CNNVD-201011-246date:2010-11-30T00:00:00
db:NVDid:CVE-2010-3911date:2010-11-26T20:00:03.970