Published: 06/02/2020 Updated: 10/02/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 695
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and previous versions allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.


vtiger vtiger crm


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

# Exploit Title: Vtiger CRM <= 6.3.0 Authenticated Remote Code Execution
# Date: 2015-09-28
# Exploit Author: Benjamin Daniel Mussler
# Vendor Homepage: www.vtiger.com
# Software Link: www.vtiger.com/open-source-downloads/
# Version: 6.3.0 (and lower)
# Tested on: Linux (Ubuntu)
# C ...

Mailing Lists

Vtiger CRM versions 6.3 and below suffer from an authenticated remote code execution vulnerability ...

Metasploit Modules

Vtiger CRM - Authenticated Logo Upload RCE

Vtiger 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against vTiger CRM v6.3.0.

msf > use exploit/multi/http/vtiger_logo_upload_exec
msf exploit(vtiger_logo_upload_exec) > show targets
msf exploit(vtiger_logo_upload_exec) > set TARGET < target-id >
msf exploit(vtiger_logo_upload_exec) > show options
    ...show and set options...
msf exploit(vtiger_logo_upload_exec) > exploit