X2CRM Profile Picture Arbitrary File Upload Vulnerability


Description   Secunia Research has discovered a vulnerability in X2CRM, which can be exploited by malicious users to compromise a vulnerable system.
The vulnerability is caused by the ProfileController::actionUploadPhoto() method, defined in the /protected/controllers/ProfileController.php script, which allows the upload of files with arbitrary extensions to a folder inside the webroot. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script.
The vulnerability is confirmed in versions 3.7.3, 3.7.4, and 3.7.5. Other versions may also be affected.
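
For contrast with the flaw described above, the following added example shows an upload handler that takes the file type from the content and chooses the stored name itself. It is not X2CRM or vendor code; the function name storeProfilePhoto(), the allow-list, the 2 MB limit and the storage directory are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardened profile-photo handler, not X2CRM code.
// Assumption: $uploadDir is outside the webroot, or the web server is
// configured never to execute scripts from it.

const ALLOWED_TYPES = [          // detected MIME type => extension we assign
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];
const MAX_BYTES = 2 * 1024 * 1024; // constructed limit for this example

function storeProfilePhoto(array $file, string $uploadDir): string
{
    // $file is one entry of $_FILES, e.g. $_FILES['photo'] (assumed field name).
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }

    // Decide the type from the bytes on disk. $file['name'] and $file['type']
    // are client-controlled and are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if (!isset(ALLOWED_TYPES[$mime]) || getimagesize($file['tmp_name']) === false) {
        throw new RuntimeException('Not an accepted image type');
    }

    // An image can still carry embedded PHP, so the server-chosen extension
    // and a non-executing storage directory are what prevent code execution.
    $name = bin2hex(random_bytes(16)) . '.' . ALLOWED_TYPES[$mime];
    $dest = rtrim($uploadDir, '/') . '/' . $name;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('Could not store file');
    }
    chmod($dest, 0640); // no execute bit on stored uploads
    return $name;       // persist this name; serve the file through a download script
}
```
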
     
Vulnerable Products   Vulnerable Software:
X2CRM 3.x
     
Solution   Apply the vendor patch or upgrade to version 4.0. http://x2community.com/index.php?app=core&module=attach&attach_id=344
     
CVE   CVE-2014-2664
     
References   X2CRM:
http://x2community.com/topic/1511-multiple-vulnerabilities-in-x2engine/#entry7354
http://x2community.com/topic/1535-x2engine-40/
Secunia Research:
http://secunia.com/secunia_research/2014-4/
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm: Upload of a PHP file in a vulnerable web application
Available Since: 5.0.0
     
 Risk level 
Moderate 

 Vulnerability First Public Report Date 
2014-03-28 

 Target Type 
Server 

 Possible exploit 
Remote