vTiger CRM PHP Code Injection Vulnerability

Summary
vTiger CRM PHP Code Injection Vulnerability
Impact
A remote attacker can write (or overwrite) files with any content, resulting in execution of arbitrary PHP code.
Solution
Apply the patch from the link below or upgrade to version 6.0 or later.
Insight
The installed vTiger CRM is prone to a PHP code injection vulnerability. The AddEmailAttachment SOAP method in /soap/vtigerolservice.php fails to properly validate input passed through the 'filedata' and 'filename' parameters, which are used to write an 'email attachment' in the storage directory.
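The following is an added example, not vTiger's code and not the vendor patch: one way a handler could validate the two parameters before writing an attachment to storage. The function name, the extension allowlist and the storage layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Hypothetical hardened attachment writer; names and policy are assumptions, not vTiger's API.
const ALLOWED_EXTENSIONS = ['pdf', 'txt', 'png', 'jpg', 'eml'];

function storeEmailAttachment(string $storageDir, string $filename, string $filedata): string
{
    $base = realpath($storageDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException('storage directory missing');
    }
    // Discard any directory part supplied by the client (relative or absolute paths).
    $name = basename(str_replace('\\', '/', $filename));
    if ($name === '' || $name === '.' || $name === '..' || strpos($name, "\0") !== false) {
        throw new InvalidArgumentException('invalid filename');
    }
    // Allowlist the extension so nothing the web server would execute is accepted.
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
    // The stored name is chosen by the server; the client name is never used as a path.
    $target = $base . DIRECTORY_SEPARATOR . bin2hex(random_bytes(16)) . '.' . $ext;
    // Mode 'xb' fails if the file already exists, so existing files cannot be overwritten.
    $fh = @fopen($target, 'xb');
    if ($fh === false) {
        throw new RuntimeException('could not create attachment');
    }
    try {
        if (fwrite($fh, $filedata) !== strlen($filedata)) {
            throw new RuntimeException('short write');
        }
    } finally {
        fclose($fh);
    }
    return basename($target);
}

// Constructed sample input, written to a throwaway temp directory.
$dir = sys_get_temp_dir() . '/att_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
foreach (['report.pdf', '../../index.php', 'notes.php'] as $n) {
    try {
        echo $n, ' -> ', storeEmailAttachment($dir, $n, 'constructed sample bytes'), "\n";
    } catch (InvalidArgumentException $e) {
        echo $n, ' rejected: ', $e->getMessage(), "\n";
    }
}
```

Keeping the storage directory outside the web root, or configuring the server not to execute scripts from it, is a complementary control in case a validation step is bypassed.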
Affected
vTiger CRM version 5.0.0 to 5.4.0.
Detection
Check the version.
References