CVSS: 7.2EPSS: 7%CPEs: 2EXPL: 2CVE-2019-5009 – Vtiger CRM 7.1.0 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2019-5009
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. • https://www.exploit-db.com/exploits/46065 http://code.vtiger.com/vtiger/vtigercrm/commit/52fc2fb520ddc55949c2fbedaabd61ddd0109375 http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-January/037852.html https://pentest.com.tr/exploits/Vtiger-CRM-7-1-0-Remote-Code-Execution.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 3CVE-2016-1713 – Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2016-1713
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000. Vulnerabilidad de subida de archivos sin restricciones en Vtger CRM 6.4.0 en Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php permite a los usuarios autenticados remotos ejecutar código arbitrario subiendo un archivo de imagen elaborado con una extensión ejecutable y accediendo a ella a través de una solicitud directa al archivo en test/logo/. NOTA: esta vulnerabilidad existe debido a una corrección incompleta para CVE-2015-6000. • https://www.exploit-db.com/exploits/44379 https://www.exploit-db.com/exploits/38345 http://b.fl7.de/2016/01/vtiger-crm-6.4-auth-rce.html http://www.openwall.com/lists/oss-security/2016/01/12/4 http://www.openwall.com/lists/oss-security/2016/01/12/7 - • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4834
https://notcve.org/view.php?id=CVE-2016-4834
modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. modules/Users/actions/Save.php en Vtiger CRM 6.4.0 y versiones anteriores no restringe adecuadamente acciones user-save, lo que permite a usuarios remotos autenticados crear o modificar cuentas de usuarios a través de vectores no especificados. • http://code.vtiger.com/vtiger/vtigercrm/commit/7cdf9941197b4aa58114eafce3ce88fb418eb68c http://jvn.jp/en/jp/JVN01956993/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000126 http://www.securityfocus.com/bid/92076 http://www.securitytracker.com/id/1036485 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 3CVE-2015-6000 – vTiger CRM 6.3.0 - (Authenticated) Remote Code Execution
https://notcve.org/view.php?id=CVE-2015-6000
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/. Una vulnerabilidad de carga de archivos sin restricciones en la clase Settings_Vtiger_CompanyDetailsSave_Action en el archivo modules/Settings/Vtiger/actions/CompanyDetailsSave.php en Vtiger CRM versiones 6.3.0 y anteriores, permite a usuarios autenticados remotos ejecutar código arbitrario mediante la carga de un archivo con una extensión ejecutable, y luego acceder a él por medio de un petición directa al archivo en test/logo/. Vtiger CRM versions 6.3 and below suffer from an authenticated remote code execution vulnerability. • https://www.exploit-db.com/exploits/38345 http://b.fl7.de/2015/09/vtiger-crm-authenticated-rce-cve-2015-6000.html http://www.securityfocus.com//archive/1/536563/100/0/threaded - • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.4EPSS: 29%CPEs: 1EXPL: 1CVE-2014-2269
https://notcve.org/view.php?id=CVE-2014-2269
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters. modules/Users/ForgotPassword.php en vTiger 6.0 anterior a Security Patch 2 permite a atacantes remotos restablecer la contraseña para usuarios arbitrarios a través de una solicitud que contiene los parámetros username, password y confirmPassword. • http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html http://www.securityfocus.com/bid/66758 • CWE-20: Improper Input Validation •