Path Traversal in Vtiger Vtiger_crm
CVE-2010-3910
Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) th…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.017 (82.9th percentile)
Affected products
- Vtiger Vtiger_crm — versions 5.0.3, 4.0.1, 5.0.4
Weakness classification (CWE)
References
- cve@mitre.org (x_refsource_MISC)
- 42246 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
- 20101116 Vtiger CRM 5.2.0 Multiple Vulnerabilities (mailing-list, x_refsource_BUGTRAQ)