Vtiger CRM <= 6.3 Authenticated Remote Code Execution

Overview:
Vtiger CRM version 6.3 (“Open Source” branch; released on 2015-06-04) and lower are vulnerable to Authenticated Remote Code Execution.
Affected Product(s):
  • vTiger CRM 6.3.0
Vulnerability Details:
CVE ID: CVE-2015-600
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.3.0 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in test/logo/.
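The defect described above is the classic unrestricted-upload pattern: the server trusts the client-supplied file name, writes it into a web-served directory (test/logo/), and the web server then executes anything with a script extension. The block below is an added example written for this advisory, not Vtiger's own code: it shows the two controls a defender wants around a logo upload, an allowlist validator that checks both the file name's extensions and the content's magic bytes, and a small scanner that flags access-log requests for non-image files under test/logo/. The log format assumed is Apache's combined format, and the log lines and file contents are constructed samples.

```python
"""Added example (not part of the Vtiger project): upload-allowlist check and
access-log detection for executable files under test/logo/."""
import re
from pathlib import PurePosixPath

# Only raster image types a company logo legitimately needs.
ALLOWED_EXT = {".png", ".jpg", ".jpeg", ".gif"}

# Leading bytes each allowed type must start with (file signatures).
MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
}


def is_acceptable_logo(filename: str, data: bytes) -> bool:
    """Return True only when every extension in the name is allowlisted and the
    content carries the matching image signature.

    Checking *all* suffixes (not just the last one) rejects names such as
    'logo.php.png', which some Apache multi-extension configurations would
    still hand to the PHP handler. Checking magic bytes rejects a PHP payload
    that was merely renamed to .png.
    """
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes or any(s not in ALLOWED_EXT for s in suffixes):
        return False
    return data.startswith(MAGIC[suffixes[-1]])


# Apache combined log format (assumed); captures client, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})\b'
)


def find_logo_dir_hits(log_lines, logo_dir="/test/logo/"):
    """Flag requests for files under logo_dir whose name is not a plain
    allowlisted image (e.g. /test/logo/logo.php). Returns (ip, path, status)
    tuples so the caller can alert or block."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if logo_dir not in path:
            continue
        name = path.rsplit("/", 1)[-1]
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if not suffixes or any(s not in ALLOWED_EXT for s in suffixes):
            hits.append((m.group("ip"), path, m.group("status")))
    return hits


# Constructed sample log: a normal logo fetch followed by a request for a
# script file that should never exist in an image-only directory.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Jun/2015:12:00:02 +0000] "GET /test/logo/company.png HTTP/1.1" 200 2048',
    '10.0.0.5 - - [10/Jun/2015:12:00:03 +0000] "GET /test/logo/logo.php HTTP/1.1" 200 64',
]

if __name__ == "__main__":
    print(is_acceptable_logo("logo.png", MAGIC[".png"] + b"\x00" * 16))   # True
    print(is_acceptable_logo("logo.php", b"<?php phpinfo();"))           # False
    for hit in find_logo_dir_hits(SAMPLE_LOG):
        print("suspicious request:", hit)
```

The validator is the preventive control (apply it before the file is written, and ideally store uploads outside the web root or in a directory with script execution disabled); the log scanner is the compensating detection for hosts that were exposed before patching.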

Solution:

Upgrading to the latest version fixes the vulnerability.

Fixed in 1.6.3.

