Published: 26/11/2005 Updated: 19/10/2018
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and previous versions allow remote malicious users to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

vtiger vtiger crm