Published: 14/04/2017 Updated: 02/04/2018
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 7.3 | Impact Score: 5.9 | Exploitability Score: 1.3
VMScore: 900
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.

Vulnerable Products

vtiger vtiger crm 6.4.0


##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper
  def initialize(info = {})
    super(update_info(info, ...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
# Exploit Title: Vtiger CRM <= 6.3.0 Authenticated Remote Code Execution
# Date: 2015-09-28
# Exploit Author: Benjamin Daniel Mussler
# Vendor Homepage: www.vtiger.com
# Software Link: www.vtiger.com/open-source-downloads/
# Version: 6.3.0 (and lower)
# Tested on: Linux (Ubuntu)
# C ...

Metasploit Modules

Vtiger CRM - Authenticated Logo Upload RCE

Vtiger 6.3.0 CRM's administration interface allows for the upload of a company logo. Instead of uploading an image, an attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This module was tested against vTiger CRM v6.3.0.

msf > use exploit/multi/http/vtiger_logo_upload_exec
msf exploit(vtiger_logo_upload_exec) > show targets
msf exploit(vtiger_logo_upload_exec) > set TARGET < target-id >
msf exploit(vtiger_logo_upload_exec) > show options
    ...show and set options...
msf exploit(vtiger_logo_upload_exec) > exploit