VTiger Multiple Flaw Network Vulnerability

Summary

The remote web server contains a PHP application that is affected by multiple flaws. Description: The remote version of this software is prone to arbitrary code execution, directory traversal, SQL injection (allowing authentication bypass), cross-site scripting attacks.

Solution

Upgrade to vtiger 4.5 alpha 2 or later.

References

http://www.hardened-php.net/advisory_232005.105.html
http://www.sec-consult.com/231.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2005-3818, CVE-2005-3819, CVE-2005-3820, CVE-2005-3821, CVE-2005-3822, CVE-2005-3823, CVE-2005-3824

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
AWCM CMS Multiple Remote File Include Vulnerabilities
AjaXplorer zoho plugin Directory Traversal Vulnerability
appRain CMF SQL Injection And Cross Site Scripting Vulnerabilities
Apple Safari PDF Javascript Security Bypass Bypass Vulnerability

vTiger multiple flaw

Take action and discover your vulnerabilities