PT-2006-5375 · Vtiger · Vtiger Crm

Ivan Markovic · Published 2006-09-06 · Updated 2011-03-08 · CVE-2006-4588

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: vtiger CRM versions 4.2.4 and earlier

Description: The issue allows remote attackers to bypass authentication and access administrative modules by making a direct request to "index.php" with a modified module parameter. This can be demonstrated using the Settings module.

Recommendations: For versions 4.2.4 and earlier, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation. As a temporary workaround, limit the use of the module parameter in the "index.php" endpoint until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.


Related Identifiers

CVE-2006-4588

Affected Products

Vtiger Crm