CVE-2014-1222
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
4Exploited in Wild
-Decision
Descriptions
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
Vulnerabilidad de salto de directorio en kcfinder/browse.php en Vtiger CRM en versiones anteriores a 6.0.0 Security patch 1 permite a usuarios remotos autenticados leer archivos arbitrarios a través de un .. (punto punto) en el parámetro file en una acción de descarga. NOTA: es probable que este problema sea en realidad en el componente de terceros KCFinder, y que afecta a productos adicionales además de a Vtiger CRM.
Vtiger CRM versions 5.4.0, 6.0 RC, and 6.0.0 GA suffer from a local file inclusion vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2013-08-15 First Exploit
- 2014-01-07 CVE Reserved
- 2014-03-12 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-10 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/archive/1/531423/100/0/threaded | Mailing List |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/36581 | 2015-03-31 | |
| https://www.exploit-db.com/exploits/27597 | 2013-08-15 | |
| https://www.exploit-db.com/exploits/32213 | 2014-03-12 | |
| https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1222 | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.0.0/Add-ons/vtigercrm-600-security-patch1.zip/download | 2018-10-09 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vtiger Search vendor "Vtiger" | Vtiger Crm Search vendor "Vtiger" for product "Vtiger Crm" | <= 6.0.0 Search vendor "Vtiger" for product "Vtiger Crm" and version " <= 6.0.0" | - |
Affected
| ||||||