CVSS: 6.4EPSS: 1%CPEs: 1EXPL: 1CVE-2005-3820
https://notcve.org/view.php?id=CVE-2005-3820
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file. • http://marc.info/?l=full-disclosure&m=113290708121951&w=2 http://secunia.com/advisories/17693 http://securitytracker.com/id?1015271 http://securitytracker.com/id?1015274 http://www.hardened-php.net/advisory_232005.105.html http://www.securityfocus.com/archive/1/417711/30/0/threaded http://www.securityfocus.com/archive/1/417730/30/0/threaded http://www.securityfocus.com/bid/15562 http://www.securityfocus.com/bid/15569 http://www.vupen.com/english/advisories/2005/2569 •