Free Trial

Vtiger CRM <= 6.3 Authenticated Remote Code Execution

isotretinoin generic online Overview :
Vtiger CRM version 6.3 (“Open Source” branch; released on 2015-06-04) and lower are vulnerable to Authenticated Remote Code Execution.
http://thehistoryhacker.com/2013/01/22/political-debate-fruit-fight/?replytocom=448 Affected Product(s) :
  • vTiger CRM 6.3.0
Vulnerability Details :
CVE ID : CVE-2015-600
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.

Solution :

latest version will fix the vuln

Fixed in 1.6.3.

 

Common Vulnerabilityies and Exposures

Contact us to get started

CVE-2023-5288 : SICK SIM1012 Access Control

CVE-2023-5288 : SICK SIM1012 Access Control

Description A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary

Learn more
CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

CVE-2023-44466 : Linux Kernel up to 6.4.4 Ceph File System net/ceph/messenger_v2.c Buffer Overflow

Description An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading

Learn more
CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION

CVE-2023-20252 : CISCO CATALYST SD-WAN MANAGER SAML API IMPROPER AUTHENTICATION

Description A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an

Learn more