Summary
Vtiger CRM is prone to an arbitrary-file-upload vulnerability, multiple local file-include vulnerabilities, and multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.
Attackers can exploit these issues to upload and execute arbitrary code in the context of the webserver process, view and execute arbitrary local files within the context of the webserver process, steal cookie-based authentication information, execute arbitrary client-side scripts in the context of the browser, and obtain sensitive information. Other attacks are also possible.
Vtiger CRM 5.2.0 is vulnerable; other versions may also be affected.
Severity
CVSS Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Classification
CVE: CVE-2010-3910
Related Vulnerabilities
- An Image Gallery Multiple Cross-Site Scripting Vulnerability
- Apache Struts2 'XWork' Information Disclosure Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- 12Planet Chat Server one2planet.infolet.InfoServlet XSS