Vtiger CRM Multiple Remote Security Vulnerabilities

Summary
Vtiger CRM is prone to an arbitrary-file-upload vulnerability, multiple local file-include vulnerabilities, and multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Attackers can exploit these issues to upload and execute arbitrary code in the context of the webserver process, view and execute arbitrary local files within the context of the webserver process, steal cookie-based authentication information, execute arbitrary client- side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible. Vtiger CRM 5.2.0 is vulnerable other versions may also be affected.
References