Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and previous versions allow remote malicious users to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vtiger vtiger crm 4.2 |