RCE in Vtiger Vtiger_crm
CVE-2010-3909
Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml e…
Vulnerability class: RCE (Remote Code Execution)
EPSS: 0.026 (86.0th percentile)
Affected products
- Vtiger Vtiger_crm — versions 5.0.3, 4.0.1, 5.0.4
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_MISC)
- 42246 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 20101116 Vtiger CRM 5.2.0 Multiple Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)