Published: 06/09/2012 Updated: 07/09/2012
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote malicious users to read arbitrary files via a .. (dot dot) in the module_name parameter.

Vulnerable Product

vtiger vtiger crm 5.1.0


# Exploit Title: VTiger CRM
# Google Dork: None
# Date: 20/03/2012
# Author: Pi3rrot
# Software Link: sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.1.0/
# Version: 5.1.0
# Tested on: CentOS 6
# CVE : none

We have found this vulnerability in VTiger 5.1.0
In this example, you can see a Local file Inclusion in the file sortfieldsjs ...