CVE-2009-3250
vTiger CRM 5.0.4 - Remote Code Execution / Cross-Site Request Forgery / Local File Inclusion / Cross-Site Scripting
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
5Exploited in Wild
-Decision
Descriptions
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
El procedimiento "saveForwardAttachments" de la funcionalidad "Crear correo" de vtiger CRM v5.0.4 permite a usuarios remotos autenticados ejecutar código de su elección creando un mensaje de correo electrónico con un fichero adjunto cuyo nombre acabe en (1) .php en entornos basados en configuraciones determinadas del servidor HTTP Apache, (2) .php. en Windows, o (3) .php/ en Linux; y, a continuación, realizando una petición directa a una ruta de directorio bajostorage/.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-08-18 First Exploit
- 2009-09-18 CVE Reserved
- 2009-09-18 CVE Published
- 2023-11-06 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (9)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=125060676515670&w=2 | Mailing List | |
| http://www.osvdb.org/57237 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/9450 | 2009-08-18 | |
| http://www.exploit-db.com/exploits/9450 | 2024-08-07 | |
| http://www.securityfocus.com/bid/36062 | 2024-08-07 | |
| http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities | 2024-08-07 | |
| http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/36309 | 2017-09-19 | |
| http://www.vupen.com/english/advisories/2009/2319 | 2017-09-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vtiger Search vendor "Vtiger" | Vtiger Crm Search vendor "Vtiger" for product "Vtiger Crm" | 5.0.4 Search vendor "Vtiger" for product "Vtiger Crm" and version "5.0.4" | - |
Affected
| ||||||