Summary
This host is installed with Vtiger CRM and is prone to an arbitrary file disclosure vulnerability.
Impact
Successful exploitation will allow an authenticated remote attacker to read arbitrary files on the affected host.
Impact Level: Application
Solution
Apply the patch "Vtiger CRM 6.0.0 Security patch 1" from the link below, http://softlayer-sng.dl.sourceforge.net/project/vtigercrm/vtiger%20CRM%206.0.0/Add-ons/vtigercrm-600-security-patch1.zip, or upgrade to the latest version. For updates refer to https://www.vtiger.com
*****
NOTE: Ignore this warning, if above mentioned patch is manually applied.
*****
Insight
The flaw is due to the /kcfinder/browse.php script not properly sanitizing user input supplied via the 'file' parameter; in particular, path traversal sequences (e.g. '../') are not rejected, so the requested path can escape the directory the script is meant to serve files from.
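The following is an added illustration of the class of bug described above, written for this page; it is not kcfinder's or Vtiger's code, and the upload root, the parameter values and the function names are constructed for the example. It models the vulnerable pattern (joining the user-supplied 'file' value onto the root and using the result as-is) beside a hardened resolver that normalises the path and requires it to remain under the root, and it shows why the check has to run on the decoded value the web server hands to the script.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed example root; the real directory kcfinder serves is not known here.
UPLOAD_ROOT = "/srv/vtiger/storage"

# Constructed values as they might arrive in the 'file' query parameter.
SAMPLE_REQUESTS = {
    "benign": "reports/q1.pdf",
    "traversal": "../../../etc/passwd",
    "absolute": "/etc/passwd",
    "sibling": "../storage2/secret.txt",
    "url_encoded": "..%2F..%2F..%2Fetc%2Fpasswd",
}


def resolve_vulnerable(root: str, file_param: str) -> str:
    """Model of the vulnerable pattern: the user-controlled value is joined onto
    the root and used directly, so '..' segments walk out of root and an
    absolute value replaces root entirely (posixpath.join semantics)."""
    return posixpath.normpath(posixpath.join(root, file_param))


def is_inside_root(root: str, candidate: str) -> bool:
    """True only if candidate is root itself or lies strictly beneath it.
    The trailing '/' in the prefix test prevents '/srv/vtiger/storage2'
    from passing as a child of '/srv/vtiger/storage'."""
    root = posixpath.normpath(root)
    return candidate == root or candidate.startswith(root + "/")


def resolve_safe(root: str, file_param: str) -> Optional[str]:
    """Hardened resolution: reject NUL bytes (which truncate paths in C-based
    runtimes), normalise the joined path, then require it to stay under root.
    Returns None for rejected input instead of a path."""
    if "\x00" in file_param:
        return None
    candidate = posixpath.normpath(posixpath.join(root, file_param))
    if not is_inside_root(root, candidate):
        return None
    return candidate


def resolve_safe_from_query(root: str, raw_value: str) -> Optional[str]:
    """The web server/PHP decodes percent-encoding before the script sees the
    value, so the containment check must be applied to the decoded form."""
    return resolve_safe(root, unquote(raw_value))


if __name__ == "__main__":
    for label, value in SAMPLE_REQUESTS.items():
        print(f"{label:12s} vulnerable -> {resolve_vulnerable(UPLOAD_ROOT, unquote(value))}")
        print(f"{label:12s} hardened   -> {resolve_safe_from_query(UPLOAD_ROOT, value)}")
```

Two caveats for real code: normalising the string is not the same as resolving it on disk, so a production check should compare realpath() of the candidate against realpath() of the root so that a symlink placed under the upload directory cannot point outside it; and the check must be applied after every decoding step the platform performs, otherwise an encoded traversal that the server decodes later slips past it.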
Affected
Vtiger CRM version 6.0.0 and prior
Detection
Get the installed version with the help of the detection NVT and check whether that version is vulnerable.
Severity
Classification: -
CVE: CVE-2014-1222
CVSS Base Score: 4.0 (CVSS v2 vector AV:N/AC:L/Au:S/C:P/I:N/A:N)