PT-2006-5403 · Vtiger · Vtiger Crm

Ivan Markovic · Published 2006-09-07 · Updated 2008-09-05 · CVE-2006-4617

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

vtiger CRM versions 4.2.4 and earlier

Description

The issue concerns an unrestricted file upload vulnerability. This vulnerability allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder.

Recommendations

For versions 4.2.4 and earlier, consider restricting access to the fileupload.html module to minimize the risk of exploitation. As a temporary workaround, restrict file uploads to only necessary and validated file types to prevent the execution of arbitrary files.

Fix


Related Identifiers

CVE-2006-4617

Affected Products

Vtiger Crm