CVE-2014-1222

Published: 12/08/2014 Updated: 09/10/2018
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
VMScore: 415
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM prior to 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.

Vulnerable Product

vtiger vtiger crm

Exploits

# Exploit Title: FiyoCMS Multiple Vulnerabilities
# Date: 29 March 2015
# Exploit Author: Mahendra
# Vendor Homepage: www.fiyo.org
# Software Link: sourceforge.net/projects/fiyo-cms/
# Version: 2.0.1.8, other version might be vulnerable
# Tested : Kali Linux 1.0.9a-amd64
# CVE(s): CVE-2014-9145,CVE-2014-9146,CVE-2014-9147,CVE-2014-9148
*Ad ...

---------------------------------------------------
# Exploit Title: KCFinder Local File Disclosure
# Author: DaOne
# Vendor Homepage: kcfinder.sunhater.com/
# Category: webapps/php
# Version: 2.51 + old versions
# Google dork: inurl:kcfinder/browse.php
---------------------------------------------------
[#] Tested on their own demo -P ...

CVE: CVE-2014-1222
Vendor: Vtiger
Product: CRM
Affected version: Vtiger 5.4.0, 6.0 RC & 6.0.0 GA
Fixed version: Vtiger 6.0.0 Security patch 1
Reported by: Jerzy Kramarz
Details: A local file inclusion vulnerability was discovered in the ‘kcfinder’ component of the vtiger CRM 6.0 RC. This could be exploited to include arbitrary files ...

FiyoCMS version 2.0.1.8 suffers from url bypass, cross site scripting, and remote SQL injection vulnerabilities ...

Vtiger CRM versions 5.4.0, 6.0 RC, and 6.0.0 GA suffer from a local file inclusion vulnerability ...