What is CVE-2015-6000?

CVE-2015-6000 is a vulnerability in Vtiger Crm. Published 2020-02-06.

Is CVE-2015-6000 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Vtiger Crm

CVE-2015-6000

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary…

EPSS: 0.768 (99.0th percentile) — read the EPSS interpretation.

Affected products

Vtiger Crm — versions 6.3.0 and earlier

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon

References

b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html (x_refsource_MISC)
www.exploit-db.com/exploits/38345/ (x_refsource_MISC)
www.securityfocus.com//archive/1/536563/100/0/threaded (x_refsource_MISC)

Frequently asked questions

What is CVE-2015-6000?: CVE-2015-6000 is a vulnerability in Vtiger Crm. Published 2020-02-06.
Is CVE-2015-6000 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.