Details of VAR-201901-0065

ID

VAR-201901-0065

CVE

CVE-2019-5009

TITLE

Vtiger CRM Vulnerable to unlimited upload of dangerous types of files

Trust: 0.8

sources: JVNDB: JVNDB-2019-001735

DESCRIPTION

Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php. Vtiger CRM Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. There are security vulnerabilities in the actions/CompanyDetailsSave.php file, actions/UpdateCompanyLogo.php file, and models/CompanyDetails.php file in versions prior to Vtiger CRM 7.1.0 Hotfix2

Trust: 1.71

sources: NVD: CVE-2019-5009 // JVNDB: JVNDB-2019-001735 // VULHUB: VHN-156444

AFFECTED PRODUCTS

vendor:	vtiger	model:	crm	scope:	lte	version:	7.1.0	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	vtiger	model:	crm	scope:	lt	version:	7.1.0	Trust: 0.8
vendor:	vtiger	model:	crm	scope:	eq	version:	7.1.0 hotfix2	Trust: 0.8

sources: JVNDB: JVNDB-2019-001735 // NVD: CVE-2019-5009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-5009
value:	HIGH
Trust: 1.0
NVD:	CVE-2019-5009
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201901-081
value:	HIGH
Trust: 0.6
VULHUB:	VHN-156444
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2019-5009
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-156444
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2019-5009
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2019-5009
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-156444 // JVNDB: JVNDB-2019-001735 // CNNVD: CNNVD-201901-081 // NVD: CVE-2019-5009

PROBLEMTYPE DATA

problemtype:

CWE-434

Trust: 1.9

sources: VULHUB: VHN-156444 // JVNDB: JVNDB-2019-001735 // NVD: CVE-2019-5009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-081

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201901-081

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001735

PATCH

title:	Fixes #1088: Santize filename uploaded with bad-extension	url:	http://code.vtiger.com/vtiger/vtigercrm/commit/52fc2fb520ddc55949c2fbedaabd61ddd0109375	Trust: 0.8
title:	[Vtigercrm-developers] Vtiger CRM 7.1.0 (hotfix2) Released	url:	http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-January/037852.html	Trust: 0.8
title:	Vtiger CRM Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88280	Trust: 0.6

sources: JVNDB: JVNDB-2019-001735 // CNNVD: CNNVD-201901-081

EXTERNAL IDS

db:	NVD	id:	CVE-2019-5009	Trust: 2.5
db:	EXPLOIT-DB	id:	46065	Trust: 1.7
db:	JVNDB	id:	JVNDB-2019-001735	Trust: 0.8
db:	CNNVD	id:	CNNVD-201901-081	Trust: 0.7
db:	VULHUB	id:	VHN-156444	Trust: 0.1

sources: VULHUB: VHN-156444 // JVNDB: JVNDB-2019-001735 // CNNVD: CNNVD-201901-081 // NVD: CVE-2019-5009

REFERENCES

url:	https://www.exploit-db.com/exploits/46065	Trust: 1.7
url:	http://code.vtiger.com/vtiger/vtigercrm/commit/52fc2fb520ddc55949c2fbedaabd61ddd0109375	Trust: 1.7
url:	http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-january/037852.html	Trust: 1.7
url:	https://pentest.com.tr/exploits/vtiger-crm-7-1-0-remote-code-execution.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5009	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5009	Trust: 0.8

sources: VULHUB: VHN-156444 // JVNDB: JVNDB-2019-001735 // CNNVD: CNNVD-201901-081 // NVD: CVE-2019-5009

SOURCES

db:	VULHUB	id:	VHN-156444
db:	JVNDB	id:	JVNDB-2019-001735
db:	CNNVD	id:	CNNVD-201901-081
db:	NVD	id:	CVE-2019-5009

LAST UPDATE DATE

2024-11-23T22:12:11.744000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-156444	date:	2019-10-24T00:00:00
db:	JVNDB	id:	JVNDB-2019-001735	date:	2019-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201901-081	date:	2019-10-25T00:00:00
db:	NVD	id:	CVE-2019-5009	date:	2024-11-21T04:44:10.700

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-156444	date:	2019-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2019-001735	date:	2019-03-26T00:00:00
db:	CNNVD	id:	CNNVD-201901-081	date:	2019-01-07T00:00:00
db:	NVD	id:	CVE-2019-5009	date:	2019-01-04T14:29:00.237