Summary
vtiger CRM is prone to multiple input-validation vulnerabilities:
- A remote PHP code-execution vulnerability
- Multiple local file-include vulnerabilities
- A cross-site scripting vulnerability
- Multiple cross-site request-forgery vulnerabilities
Attackers can exploit these issues to execute arbitrary script code within the context of the webserver, perform unauthorized actions, compromise the affected application, steal cookie-based authentication credentials, or obtain information that could aid in further attacks.
The issues affect vtiger CRM 5.0.4
other versions may also be
affected.
Solution
Reportedly, the vendor fixed some of the issues in the latest release, but Symantec has not confirmed this information.
References
Severity
Classification
-
CVE CVE-2009-3247 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities