Summary
vtiger CRM is prone to multiple input-validation vulnerabilities:
- A remote PHP code-execution vulnerability
- Multiple local file-include vulnerabilities
- A cross-site scripting vulnerability
- Multiple cross-site request-forgery vulnerabilities
Attackers can exploit these issues to execute arbitrary script code within the context of the webserver, perform unauthorized actions, compromise the affected application, steal cookie-based authentication credentials, or obtain information that could aid in further attacks.
The issues affect vtiger CRM 5.0.4; other versions may also be affected.
Solution
Reportedly, the vendor fixed some of the issues in the latest release, but Symantec has not confirmed this information.
Classification
CVE: CVE-2009-3247
Severity
CVSS Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)