Description
High-Tech Bridge SA has discovered some vulnerabilities in vtiger CRM, which can be exploited by malicious users to compromise a vulnerable system.
1) Input passed to the "file" parameter in index.php is not properly verified before being used to include files. This can be exploited to include arbitrary files within the vtiger CRM deployment path and execute arbitrary PHP code by e.g. including a previously uploaded file with ".txt" extension containing PHP code via directory traversal sequences and URL-encoded NULL bytes.
2) Input passed to the "module" and "action" parameters in graph.php is not properly verified before being used to include files. This can be exploited to include arbitrary files within the vtiger CRM deployment path and execute arbitrary PHP code by e.g. including a previously uploaded file with ".txt" extension containing PHP code via directory traversal sequences and URL-encoded NULL bytes.
Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled.
The vulnerabilities are confirmed in version 5.2.1. Other versions may also be affected.
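A log check for the two inclusion points described above, as an added example that is not part of the original advisory or of vtiger CRM: it flags directory traversal sequences and URL-encoded NULL bytes in the "file" parameter of index.php and the "module" and "action" parameters of graph.php. The combined access-log format, the /vtigercrm/ path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script -> parameters named in the advisory.
WATCHED = {"index.php": {"file"}, "graph.php": {"module", "action"}}
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')

# Constructed sample access-log lines (addresses, paths and dates are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2011:10:00:00 +0000] "GET /vtigercrm/index.php?module=Home&action=index HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2011:10:00:05 +0000] "GET /vtigercrm/index.php?module=Home&file=..%2F..%2Fuploads%2Fa.txt%00 HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Jan/2011:10:00:09 +0000] "GET /vtigercrm/graph.php?module=..%252F..%252Fuploads%252Fa.txt%2500&action=x HTTP/1.1" 200 298',
]

def suspicious_value(value):
    """Return the reasons a parameter value looks like an inclusion attempt."""
    decoded = value
    for _ in range(3):  # keep decoding so double-encoded input is also caught
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    reasons = []
    if "\x00" in decoded:
        reasons.append("null-byte")
    if TRAVERSAL_RE.search(decoded):
        reasons.append("traversal")
    return reasons

def scan_line(line):
    """Return (script, parameter, reason) tuples for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    hits = []
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in WATCHED.get(script, ()):
            hits += [(script, name, r) for r in suspicious_value(value)]
    return hits

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in scan_line(line):
            print(hit, "<-", line.split('"')[1])
```

Parameters sent in a POST body do not appear in an access log, so this check only covers values carried in the query string.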
Vulnerable Products
Vulnerable Software: vtiger CRM 5.x
Solution
Update to version 5.3.0 RC.
CVE
References
HTB23054: https://www.htbridge.ch/advisory/local_file_inclusion_in_vtigercrm.html
vtiger CRM: http://vtiger.com/blogs/?p=894
Vulnerability Manager Detection
No
IPS Protection