77 vulnerabilities found for CRM by vTiger
CVE-2025-1618 (GCVE-0-2025-1618)
Vulnerability from nvd – Published: 2025-02-24 04:31 – Updated: 2025-03-03 06:38
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1618",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T12:58:41.333628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T12:58:45.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CRM",
"vendor": "vTiger",
"versions": [
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stux (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In vTiger CRM 6.4.0/6.5.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /modules/Mobile/index.php. Durch Manipulation des Arguments _operation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 7.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T06:38:54.934Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-296608 | vTiger CRM index.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.296608"
},
{
"name": "VDB-296608 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.296608"
},
{
"name": "Submit #501840 | vtiger Vtiger CRM 6.4.0 Reflected Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.501840"
},
{
"tags": [
"product"
],
"url": "https://www.vtiger.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-03T07:43:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "vTiger CRM index.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1618",
"datePublished": "2025-02-24T04:31:04.303Z",
"dateReserved": "2025-02-23T09:48:26.096Z",
"dateUpdated": "2025-03-03T06:38:54.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1618 (GCVE-0-2025-1618)
Vulnerability from cvelistv5 – Published: 2025-02-24 04:31 – Updated: 2025-03-03 06:38
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1618",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-24T12:58:41.333628Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-24T12:58:45.872Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "CRM",
"vendor": "vTiger",
"versions": [
{
"status": "affected",
"version": "6.4.0"
},
{
"status": "affected",
"version": "6.5.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Stux (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in vTiger CRM 6.4.0/6.5.0 and classified as problematic. This vulnerability affects unknown code of the file /modules/Mobile/index.php. The manipulation of the argument _operation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "de",
"value": "In vTiger CRM 6.4.0/6.5.0 wurde eine problematische Schwachstelle gefunden. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /modules/Mobile/index.php. Durch Manipulation des Arguments _operation mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 7.0 vermag dieses Problem zu l\u00f6sen. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T06:38:54.934Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-296608 | vTiger CRM index.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.296608"
},
{
"name": "VDB-296608 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.296608"
},
{
"name": "Submit #501840 | vtiger Vtiger CRM 6.4.0 Reflected Cross-Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.501840"
},
{
"tags": [
"product"
],
"url": "https://www.vtiger.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-02-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-02-23T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-03T07:43:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "vTiger CRM index.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1618",
"datePublished": "2025-02-24T04:31:04.303Z",
"dateReserved": "2025-02-23T09:48:26.096Z",
"dateUpdated": "2025-03-03T06:38:54.934Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201402-0420
Vulnerability from variot - Updated: 2024-02-14 23:01
Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php. (1) modules\com_vtiger_workflow\savetemplate.php of return_url Parameters (2) deletetask.php Unspecified elements (3) edittask.php Unspecified elements (4) savetask.php Unspecified elements (5) saveworkflow.php Unspecified elements. Vtiger CRM is a set of customer relationship management system (CRM) based on SugarCRM developed by Vtiger in the United States. The management system provides functions such as management, collection, and analysis of customer information. A cross-site scripting vulnerability exists in Vtiger, which stems from programs that do not properly filter input submitted by users. When a user browses an affected website, their browser will execute arbitrary script code provided by the attacker, which may cause the attacker to steal cookie-based authentication and launch other attacks. Vtiger 5.4.0 has vulnerabilities. Other versions may also be affected. [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting
I. * Information *
Name : Vtiger 5.4.0 Reflected Cross Site Scripting
Software : Vtiger 5.4.0 and possibly below.
Vendor Homepage : https://www.vtiger.com/
Vulnerability Type : Reflected Cross-Site Scripting
Severity : Medium (3/5)
Advisory Reference : SOJOBO-ADV-13-05 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: A Reflected Cross Site Scripting vulnerability was discovered during the testing of Sojobo, Static Analysis Tool.
II. * Details *
A) Reflected Cross Site Scripting in savetemplate.php, deletetask.php, edittask.php, savetask.php and saveworkflow.php [Impact: 3/5]
Follow a trace to reach the vulnerable code.
File: \modules\com_vtiger_workflow\savetemplate.php
45: vtSaveWorkflowTemplate($adb, $_REQUEST);
...
37: $returnUrl = $request['return_url'];
...
40: window.location="<?php echo $returnUrl?>";
The variable 'return_url' isn't correctly validated before being printed in the page.
A test request is: /index.php?module=com_vtiger_workflow&action=savetemplate&return_url=">alert('xss');
III. * Report Timeline *
26 October 2013 - First contact
29 October 2013 - Fix announced on the new version
10 December 2013 - Fix release with the new version
IV. * About Sojobo *
Sojobo allows you to find security vulnerabilities in your PHP web application source code before others do. By using state-of-the-art techniques, Sojobo is able to identify the most critical vulnerabilities in your code and limit the number of false positives.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201402-0420",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 2.4,
"vendor": "vtiger",
"version": "5.4.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
},
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sojobo dev team",
"sources": [
{
"db": "BID",
"id": "64236"
},
{
"db": "PACKETSTORM",
"id": "124402"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
}
],
"trust": 1.0
},
"cve": "CVE-2013-7326",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-7326",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-67328",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7326",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201402-213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-67328",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67328"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
},
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\\com_vtiger_workflow\\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php. (1) modules\\com_vtiger_workflow\\savetemplate.php of return_url Parameters (2) deletetask.php Unspecified elements (3) edittask.php Unspecified elements (4) savetask.php Unspecified elements (5) saveworkflow.php Unspecified elements. Vtiger CRM is a set of customer relationship management system (CRM) based on SugarCRM developed by Vtiger in the United States. The management system provides functions such as management, collection, and analysis of customer information. \nA cross-site scripting vulnerability exists in Vtiger, which stems from programs that do not properly filter input submitted by users. When a user browses an affected website, their browser will execute arbitrary script code provided by the attacker, which may cause the attacker to steal cookie-based authentication and launch other attacks. Vtiger 5.4.0 has vulnerabilities. Other versions may also be affected. [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting\n\n\nI. * Information *\n==================\nName : Vtiger 5.4.0 Reflected Cross Site Scripting\nSoftware : Vtiger 5.4.0 and possibly below. \nVendor Homepage : https://www.vtiger.com/\nVulnerability Type : Reflected Cross-Site Scripting\nSeverity : Medium (3/5)\nAdvisory Reference : SOJOBO-ADV-13-05 (http://www.enkomio.com/Advisories)\nCredits: Sojobo dev team\nDescription: A Reflected Cross Site Scripting vulnerability was discovered during the testing of Sojobo, Static Analysis Tool. \n\n\nII. * Details *\n===============\nA) Reflected Cross Site Scripting in savetemplate.php, deletetask.php, edittask.php, savetask.php and saveworkflow.php [Impact: 3/5]\n\n\nFollow a trace to reach the vulnerable code. \n\n\nFile: \\modules\\com_vtiger_workflow\\savetemplate.php\n45: vtSaveWorkflowTemplate($adb, $_REQUEST);\n... \n37: $returnUrl = $request[\u0027return_url\u0027];\n... \n40: window.location=\"\u003c?php echo $returnUrl?\u003e\";\n\n\nThe variable \u0027return_url\u0027 isn\u0027t correctly validated before to be printed in the page. \n\n\nA test request is: /index.php?module=com_vtiger_workflow\u0026action=savetemplate\u0026return_url=\"\u003e\u003cscript\u003ealert(\u0027xss\u0027);\u003c/script\u003e\n\n\nIII. * Report Timeline *\n========================\n\n\n26 October 2013 - First contact\n29 October 2013 - Fix announced on the new version\n10 December 2013 - Fix release with the new version\n\n\nIV. * About Sojobo *\n====================\nSojobo allows you to find security vulnerabilities in your PHP web application source code before others do. \nBy using the state of the art techniques Sojobo is able to identify the most critical vulnerabilities in your code \nand limit the number of false positives",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7326"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"db": "BID",
"id": "64236"
},
{
"db": "VULHUB",
"id": "VHN-67328"
},
{
"db": "PACKETSTORM",
"id": "124402"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-7326",
"trust": 2.8
},
{
"db": "BID",
"id": "64236",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "124402",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "100897",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213",
"trust": 0.7
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258",
"trust": 0.6
},
{
"db": "XF",
"id": "89662",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20131211 [SOJOBO-ADV-13-05] - VTIGER 5.4.0 REFLECTED CROSS SITE SCRIPTING",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-67328",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67328"
},
{
"db": "BID",
"id": "64236"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "PACKETSTORM",
"id": "124402"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
},
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"id": "VAR-201402-0420",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-67328"
}
],
"trust": 0.62916664
},
"last_update_date": "2024-02-14T23:01:32.535000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.vtiger.com/crm/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67328"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.enkomio.com/advisory/sojobo-adv-13-05"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/64236"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0052.html"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/124402"
},
{
"trust": 1.7,
"url": "http://osvdb.org/100897"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89662"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7326"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7326"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/89662"
},
{
"trust": 0.3,
"url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20crm%205.1.0/"
},
{
"trust": 0.1,
"url": "http://www.enkomio.com/advisories)"
},
{
"trust": 0.1,
"url": "https://www.vtiger.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67328"
},
{
"db": "BID",
"id": "64236"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "PACKETSTORM",
"id": "124402"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
},
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-67328"
},
{
"db": "BID",
"id": "64236"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"db": "PACKETSTORM",
"id": "124402"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
},
{
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-67328"
},
{
"date": "2013-12-11T00:00:00",
"db": "BID",
"id": "64236"
},
{
"date": "2014-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"date": "2013-12-12T04:41:27",
"db": "PACKETSTORM",
"id": "124402"
},
{
"date": "2013-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-213"
},
{
"date": "2014-02-14T19:55:26.717000",
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-67328"
},
{
"date": "2014-02-18T15:27:00",
"db": "BID",
"id": "64236"
},
{
"date": "2014-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006053"
},
{
"date": "2013-12-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"date": "2014-02-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201402-213"
},
{
"date": "2024-02-14T01:17:43.863000",
"db": "NVD",
"id": "CVE-2013-7326"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vTiger CRM Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006053"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "124402"
},
{
"db": "CNNVD",
"id": "CNNVD-201312-258"
},
{
"db": "CNNVD",
"id": "CNNVD-201402-213"
}
],
"trust": 1.3
}
}
VAR-200808-0340
Vulnerability from variot - Updated: 2024-02-13 23:03
Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. vtiger CRM is prone to an information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. A remote attacker may exploit this vulnerability to retrieve arbitrary files that may contain potentially sensitive information. Information harvested may be used in further attacks. This issue affects versions prior to vtiger CRM 5.0.4 RC. Vtiger CRM is an open source web-based customer relationship management system (CRM) based on Sales Force Automation (SFA).
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: vtiger CRM File Disclosure Vulnerability
SECUNIA ADVISORY ID: SA28370
VERIFY ADVISORY: http://secunia.com/advisories/28370/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information
WHERE:
From remote
SOFTWARE: vtiger CRM 5.x http://secunia.com/product/14762/
DESCRIPTION: A vulnerability has been reported in vtiger CRM, which can be exploited by malicious people to disclose potentially sensitive information.
The vulnerability is caused due to the application not correctly restricting access to e.g. the /test/wordtemplatedownload directory, which can be exploited to list and download directory contents.
SOLUTION: Restrict access to affected directories (e.g. via ".htaccess"). Renaming this file to ".htaccess" prohibits the listing of directory content.
PROVIDED AND/OR DISCOVERED BY: Reported in a bug by "pieper".
ORIGINAL ADVISORY: http://sourceforge.net/project/shownotes.php?release_id=567189
Bug #2107: http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107
About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200808-0340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.3"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.3"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm rc",
"scope": "ne",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.0.4"
}
],
"sources": [
{
"db": "BID",
"id": "27228"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "pieper is credited with discovering this issue.",
"sources": [
{
"db": "BID",
"id": "27228"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
}
],
"trust": 0.9
},
"cve": "CVE-2008-3458",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-3458",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-33583",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-3458",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-046",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-33583",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2008-3458",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM before 5.0.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read mail merge templates via a direct request to the wordtemplatedownload directory. vtiger CRM is prone to an information-disclosure vulnerability because the application fails to properly sanitize user-supplied input. \nA remote attacker may exploit this vulnerability to retrieve arbitrary files that may contain potentially sensitive information. Information harvested may be used in further attacks. \nThis issue affects versions prior to vtiger CRM 5.0.4 RC. Vtiger CRM is an open source web-based customer relationship management system (CRM) based on Sales Force Automation (SFA). \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nvtiger CRM File Disclosure Vulnerability\n\nSECUNIA ADVISORY ID:\nSA28370\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/28370/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nExposure of sensitive information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nvtiger CRM 5.x\nhttp://secunia.com/product/14762/\n\nDESCRIPTION:\nA vulnerability has been reported in vtiger CRM, which can be\nexploited by malicious people to disclose potentially sensitive\ninformation. \n\nThe vulnerability is caused due to the application not correctly\nrestricting access to e.g. the /test/wordtemplatedownload directory,\nwhich can be exploited to list and download directory contents. \n\nSOLUTION:\nRestrict access to affected directories (e.g. via \".htaccess\"). \nRenaming\nthis file to \".htaccess\" prohibits the listing of directory content. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported in a bug by \"pieper\". \n\nORIGINAL ADVISORY:\nhttp://sourceforge.net/project/shownotes.php?release_id=567189\n\nBug #2107:\nhttp://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3458"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "BID",
"id": "27228"
},
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"db": "PACKETSTORM",
"id": "62490"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3458",
"trust": 2.9
},
{
"db": "BID",
"id": "27228",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "28370",
"trust": 1.9
},
{
"db": "OSVDB",
"id": "40218",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-33583",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2008-3458",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "62490",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"db": "BID",
"id": "27228"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "PACKETSTORM",
"id": "62490"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"id": "VAR-200808-0340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-33583"
}
],
"trust": 0.62916664
},
"last_update_date": "2024-02-13T23:03:00.705000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "2107",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2107"
},
{
"trust": 1.9,
"url": "http://sourceforge.net/project/shownotes.php?release_id=567189"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/27228"
},
{
"trust": 1.8,
"url": "http://wiki.vtiger.com/index.php/vtiger_crm_5.0.4_-_release_notes"
},
{
"trust": 1.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/11811"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/40218"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/28370"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3458"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3458"
},
{
"trust": 0.3,
"url": "http://www.vtiger.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/28370/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14762/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"db": "BID",
"id": "27228"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "PACKETSTORM",
"id": "62490"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-33583"
},
{
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"db": "BID",
"id": "27228"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"db": "PACKETSTORM",
"id": "62490"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-04T00:00:00",
"db": "VULHUB",
"id": "VHN-33583"
},
{
"date": "2008-08-04T00:00:00",
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"date": "2008-01-10T00:00:00",
"db": "BID",
"id": "27228"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"date": "2008-01-10T22:33:57",
"db": "PACKETSTORM",
"id": "62490"
},
{
"date": "2008-08-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"date": "2008-08-04T19:41:00",
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-33583"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULMON",
"id": "CVE-2008-3458"
},
{
"date": "2015-05-07T17:33:00",
"db": "BID",
"id": "27228"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003712"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-046"
},
{
"date": "2017-11-22T17:25:31.897000",
"db": "NVD",
"id": "CVE-2008-3458"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM Vulnerable to reading email merge templates",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003712"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-046"
}
],
"trust": 0.6
}
}
VAR-200707-0373
Vulnerability from variot - Updated: 2023-12-18 14:06 index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo. vtiger CRM is prone to a denial-of-service vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0373",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.0.3"
}
],
"sources": [
{
"db": "BID",
"id": "85646"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005817"
},
{
"db": "NVD",
"id": "CVE-2007-3598"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-098"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3598"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85646"
}
],
"trust": 0.3
},
"cve": "CVE-2007-3598",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2007-3598",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-26960",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-3598",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-098",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-26960",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26960"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005817"
},
{
"db": "NVD",
"id": "CVE-2007-3598"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-098"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users\u0027 names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a \"You are not permitted to execute this Operation\" error message in a 5.0.3 demo. vtiger CRM is prone to a denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3598"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005817"
},
{
"db": "BID",
"id": "85646"
},
{
"db": "VULHUB",
"id": "VHN-26960"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3598",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005817",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-098",
"trust": 0.6
},
{
"db": "BID",
"id": "85646",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-26960",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26960"
},
{
"db": "BID",
"id": "85646"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005817"
},
{
"db": "NVD",
"id": "CVE-2007-3598"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-098"
}
]
},
"id": "VAR-200707-0373",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26960"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T14:06:43.879000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "2985",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2985"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005817"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3598"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
},
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2664"
},
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2985"
},
{
"trust": 2.0,
"url": "http://forums.vtiger.com/viewtopic.php?p=38609"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3598"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3598"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26960"
},
{
"db": "BID",
"id": "85646"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005817"
},
{
"db": "NVD",
"id": "CVE-2007-3598"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-098"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26960"
},
{
"db": "BID",
"id": "85646"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005817"
},
{
"db": "NVD",
"id": "CVE-2007-3598"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-098"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-26960"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85646"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005817"
},
{
"date": "2007-07-06T19:30:00",
"db": "NVD",
"id": "CVE-2007-3598"
},
{
"date": "2007-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-098"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-26960"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85646"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005817"
},
{
"date": "2008-09-05T21:26:07.277000",
"db": "NVD",
"id": "CVE-2007-3598"
},
{
"date": "2007-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-098"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-098"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "index.php of vtiger CRM Vulnerabilities in which all user names are acquired",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005817"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-098"
}
],
"trust": 0.6
}
}
VAR-201608-0190
Vulnerability from variot - Updated: 2023-12-18 14:05 modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. Vtiger CRM is a customer relationship management (CRM) software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A user with user privileges may create new users or alter existing user information. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. Vtiger CRM 6.4.0 and prior versions are vulnerable. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability is caused by the program not properly restricting the user-save operation
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201608-0190",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.8,
"vendor": "vtiger",
"version": "6.4.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "6.4.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "2.0"
},
{
"model": "crm",
"scope": "ne",
"trust": 0.3,
"vendor": "vtiger",
"version": "6.5.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.4.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "3.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.0.3"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "6.0.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "2.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "3.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.3"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "6.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2.1"
}
],
"sources": [
{
"db": "BID",
"id": "92076"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000126"
},
{
"db": "NVD",
"id": "CVE-2016-4834"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-960"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.4.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4834"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inc.,Hirota Kazuki of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-960"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4834",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000126",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-93653",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2016-4834",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000126",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4834",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000126",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201607-960",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-93653",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2016-4834",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93653"
},
{
"db": "VULMON",
"id": "CVE-2016-4834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000126"
},
{
"db": "NVD",
"id": "CVE-2016-4834"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-960"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. Vtiger CRM is customer relationship management (CRM) software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. A user with user privileges may create new users or alter existing user information. \nSuccessfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. \nVtiger CRM 6.4.0 and prior versions are vulnerable. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability is caused by the program not properly restricting the user-save operation.",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4834"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000126"
},
{
"db": "BID",
"id": "92076"
},
{
"db": "VULHUB",
"id": "VHN-93653"
},
{
"db": "VULMON",
"id": "CVE-2016-4834"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4834",
"trust": 2.9
},
{
"db": "JVN",
"id": "JVN01956993",
"trust": 2.9
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000126",
"trust": 2.6
},
{
"db": "BID",
"id": "92076",
"trust": 2.1
},
{
"db": "SECTRACK",
"id": "1036485",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-201607-960",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-93653",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-4834",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93653"
},
{
"db": "VULMON",
"id": "CVE-2016-4834"
},
{
"db": "BID",
"id": "92076"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000126"
},
{
"db": "NVD",
"id": "CVE-2016-4834"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-960"
}
]
},
"id": "VAR-201608-0190",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-93653"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T14:05:56.820000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Download - Vtiger CRM",
"trust": 0.8,
"url": "https://www.vtiger.com/download/"
},
{
"title": "Refactored access control on user-save operation. ",
"trust": 0.8,
"url": "http://code.vtiger.com/vtiger/vtigercrm/commit/7cdf9941197b4aa58114eafce3ce88fb418eb68c"
},
{
"title": "Vtiger CRM Repair measures for security bypass vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63312"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000126"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-960"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93653"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000126"
},
{
"db": "NVD",
"id": "CVE-2016-4834"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://jvn.jp/en/jp/jvn01956993/index.html"
},
{
"trust": 2.1,
"url": "http://code.vtiger.com/vtiger/vtigercrm/commit/7cdf9941197b4aa58114eafce3ce88fb418eb68c"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/92076"
},
{
"trust": 1.8,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000126"
},
{
"trust": 1.8,
"url": "http://www.securitytracker.com/id/1036485"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4834"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4834"
},
{
"trust": 0.3,
"url": "https://www.vtiger.com"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93653"
},
{
"db": "VULMON",
"id": "CVE-2016-4834"
},
{
"db": "BID",
"id": "92076"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000126"
},
{
"db": "NVD",
"id": "CVE-2016-4834"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-960"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-93653"
},
{
"db": "VULMON",
"id": "CVE-2016-4834"
},
{
"db": "BID",
"id": "92076"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000126"
},
{
"db": "NVD",
"id": "CVE-2016-4834"
},
{
"db": "CNNVD",
"id": "CNNVD-201607-960"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-01T00:00:00",
"db": "VULHUB",
"id": "VHN-93653"
},
{
"date": "2016-08-01T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4834"
},
{
"date": "2016-07-20T00:00:00",
"db": "BID",
"id": "92076"
},
{
"date": "2016-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000126"
},
{
"date": "2016-08-01T02:59:14.620000",
"db": "NVD",
"id": "CVE-2016-4834"
},
{
"date": "2016-07-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-960"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-12-06T00:00:00",
"db": "VULHUB",
"id": "VHN-93653"
},
{
"date": "2016-12-06T00:00:00",
"db": "VULMON",
"id": "CVE-2016-4834"
},
{
"date": "2016-07-20T00:00:00",
"db": "BID",
"id": "92076"
},
{
"date": "2016-08-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000126"
},
{
"date": "2021-05-14T14:38:05.323000",
"db": "NVD",
"id": "CVE-2016-4834"
},
{
"date": "2021-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201607-960"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-960"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM does not properly restrict access to application data",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000126"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201607-960"
}
],
"trust": 0.6
}
}
VAR-202101-0284
Vulnerability from variot - Updated: 2023-12-18 14:04 Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions against users who open a maliciously crafted link or third-party web page. Vtiger CRM contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Vtiger CRM is a customer relationship management system (CRM) developed by Vtiger in the United States, based on SugarCRM. The management system provides functions such as management, collection, and analysis of customer information.
Vtiger CRM v7.2.0 has a cross-site scripting vulnerability, which stems from the lack of correct validation of client-supplied data in the web application. An attacker can use this vulnerability to execute client-side code.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202101-0284",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 2.4,
"vendor": "vtiger",
"version": "7.2.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-05457"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015546"
},
{
"db": "NVD",
"id": "CVE-2020-19362"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-19362"
}
]
},
"cve": "CVE-2020-19362",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2020-19362",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-05457",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-172733",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2020-19362",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-19362",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2021-05457",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-1540",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-172733",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2020-19362",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-05457"
},
{
"db": "VULHUB",
"id": "VHN-172733"
},
{
"db": "VULMON",
"id": "CVE-2020-19362"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015546"
},
{
"db": "NVD",
"id": "CVE-2020-19362"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1540"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions against users who open a maliciously crafted link or third-party web page. Vtiger CRM contains a cross-site scripting vulnerability. Information may be obtained and information may be tampered with. Vtiger CRM is a customer relationship management system (CRM) developed by Vtiger in the United States, based on SugarCRM. The management system provides functions such as management, collection, and analysis of customer information. \n\r\n\r\nVtiger CRM v7.2.0 has a cross-site scripting vulnerability, which stems from the lack of correct validation of client-supplied data in the web application. An attacker can use this vulnerability to execute client-side code.",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-19362"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015546"
},
{
"db": "CNVD",
"id": "CNVD-2021-05457"
},
{
"db": "VULHUB",
"id": "VHN-172733"
},
{
"db": "VULMON",
"id": "CVE-2020-19362"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-19362",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015546",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-05457",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1540",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-172733",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-19362",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-05457"
},
{
"db": "VULHUB",
"id": "VHN-172733"
},
{
"db": "VULMON",
"id": "CVE-2020-19362"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015546"
},
{
"db": "NVD",
"id": "CVE-2020-19362"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1540"
}
]
},
"id": "VAR-202101-0284",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-05457"
},
{
"db": "VULHUB",
"id": "VHN-172733"
}
],
"trust": 1.2291666399999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-05457"
}
]
},
"last_update_date": "2023-12-18T14:04:30.120000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Vtiger\u00a0Open\u00a0Source\u00a0Edition\u00a07.4.0",
"trust": 0.8,
"url": "https://www.vtiger.com/open-source-crm/download-open-source/"
},
{
"title": "Vtiger-CRM-Vulnerabilities",
"trust": 0.1,
"url": "https://github.com/emreovunc/vtiger-crm-vulnerabilities "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-19362"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015546"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.1
},
{
"problemtype": "Cross-site scripting (CWE-79) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-172733"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015546"
},
{
"db": "NVD",
"id": "CVE-2020-19362"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/emreovunc/vtiger-crm-vulnerabilities/"
},
{
"trust": 2.4,
"url": "https://emreovunc.com/blog/en/vtiger_crm_xss_03.png"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-19362"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://github.com/emreovunc/vtiger-crm-vulnerabilities"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-05457"
},
{
"db": "VULHUB",
"id": "VHN-172733"
},
{
"db": "VULMON",
"id": "CVE-2020-19362"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015546"
},
{
"db": "NVD",
"id": "CVE-2020-19362"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1540"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-05457"
},
{
"db": "VULHUB",
"id": "VHN-172733"
},
{
"db": "VULMON",
"id": "CVE-2020-19362"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-015546"
},
{
"db": "NVD",
"id": "CVE-2020-19362"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-1540"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-05457"
},
{
"date": "2021-01-20T00:00:00",
"db": "VULHUB",
"id": "VHN-172733"
},
{
"date": "2021-01-20T00:00:00",
"db": "VULMON",
"id": "CVE-2020-19362"
},
{
"date": "2021-10-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-015546"
},
{
"date": "2021-01-20T01:15:13.333000",
"db": "NVD",
"id": "CVE-2020-19362"
},
{
"date": "2021-01-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1540"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-05457"
},
{
"date": "2021-01-22T00:00:00",
"db": "VULHUB",
"id": "VHN-172733"
},
{
"date": "2021-01-22T00:00:00",
"db": "VULMON",
"id": "CVE-2020-19362"
},
{
"date": "2021-10-04T08:24:00",
"db": "JVNDB",
"id": "JVNDB-2020-015546"
},
{
"date": "2021-01-22T20:40:36.050000",
"db": "NVD",
"id": "CVE-2020-19362"
},
{
"date": "2021-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-1540"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1540"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger\u00a0CRM\u00a0 Cross-site Scripting Vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-015546"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-1540"
}
],
"trust": 0.6
}
}
VAR-201905-1078
Vulnerability from variot - Updated: 2023-12-18 14:00 SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM, developed by the US company Vtiger. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability stems from the lack of validation of externally supplied input that is incorporated into SQL statements in this database-backed application.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-1078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "7.1.0"
},
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "7.0.1"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "7.1.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004622"
},
{
"db": "NVD",
"id": "CVE-2019-11057"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:7.1.0:hotfix2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:7.1.0:hotfix1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:7.1.0:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:7.1.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11057"
}
]
},
"cve": "CVE-2019-11057",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-11057",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-142665",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-11057",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-11057",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-774",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-142665",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142665"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004622"
},
{
"db": "NVD",
"id": "CVE-2019-11057"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-774"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in Vtiger CRM before 7.1.0 hotfix3 allows authenticated users to execute arbitrary SQL commands. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-11057"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004622"
},
{
"db": "VULHUB",
"id": "VHN-142665"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-11057",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004622",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-774",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-142665",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142665"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004622"
},
{
"db": "NVD",
"id": "CVE-2019-11057"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-774"
}
]
},
"id": "VAR-201905-1078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-142665"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T14:00:57.613000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "[Vtigercrm-developers] Vtiger CRM 7.1.0 (hotfix3) Released",
"trust": 0.8,
"url": "http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-april/037964.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004622"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142665"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004622"
},
{
"db": "NVD",
"id": "CVE-2019-11057"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://cybersecurityworks.com/zerodays/cve-2019-11057-vtiger.html"
},
{
"trust": 1.7,
"url": "http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-april/037964.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-11057"
},
{
"trust": 1.0,
"url": "https://medium.com/%40mohnishdhage/sql-injection-vtiger-crm-v7-1-0-cve-2019-11057-245f84fc5c2c"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11057"
},
{
"trust": 0.7,
"url": "https://medium.com/@mohnishdhage/sql-injection-vtiger-crm-v7-1-0-cve-2019-11057-245f84fc5c2c"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-142665"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004622"
},
{
"db": "NVD",
"id": "CVE-2019-11057"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-774"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-142665"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-004622"
},
{
"db": "NVD",
"id": "CVE-2019-11057"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-774"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-142665"
},
{
"date": "2019-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004622"
},
{
"date": "2019-05-17T17:29:00.280000",
"db": "NVD",
"id": "CVE-2019-11057"
},
{
"date": "2019-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-774"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-20T00:00:00",
"db": "VULHUB",
"id": "VHN-142665"
},
{
"date": "2019-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-004622"
},
{
"date": "2023-11-07T03:02:38.907000",
"db": "NVD",
"id": "CVE-2019-11057"
},
{
"date": "2020-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-774"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-774"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-004622"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-774"
}
],
"trust": 0.6
}
}
VAR-201209-0439
Vulnerability from variot - Updated: 2023-12-18 13:57. Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. The file modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM contains a directory traversal vulnerability that a third party can exploit to read arbitrary files. Vtiger CRM is a Web-based Sales Force Automation (SFA)-based Customer Relationship Management System (CRM). The management system provides functions such as management, collection, and analysis of customer information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201209-0439",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 2.4,
"vendor": "vtiger",
"version": "5.1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5.x"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "5.1.0"
}
],
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4867"
}
]
},
"cve": "CVE-2012-4867",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-4867",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-8109",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d720862-463f-11e9-bdf0-000c29342cb1",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "6618136a-2353-11e6-abef-000c29c66e3d",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-58148",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4867",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2012-8109",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201209-078",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-58148",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "VULHUB",
"id": "VHN-58148"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. vtiger CRM of modules/com_vtiger_workflow/sortfieldsjson.php Contains a directory traversal vulnerability.By a third party .. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). The management system provides functions such as management, collection, and analysis of customer information",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4867"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-58148"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-58148",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58148"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4867",
"trust": 3.5
},
{
"db": "EXPLOIT-DB",
"id": "18635",
"trust": 1.7
},
{
"db": "PACKETSTORM",
"id": "111075",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2012-8109",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162",
"trust": 0.8
},
{
"db": "IVD",
"id": "7D720862-463F-11E9-BDF0-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "6618136A-2353-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "18770",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-72808",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-58148",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "VULHUB",
"id": "VHN-58148"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
]
},
"id": "VAR-201209-0439",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "VULHUB",
"id": "VHN-58148"
}
],
"trust": 1.6291666400000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
}
]
},
"last_update_date": "2023-12-18T13:57:53.006000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.vtiger.com/crm/"
},
{
"title": "Patch for vtiger CRM path traversal vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/35988"
},
{
"title": "vtigercrm-5.4.0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=44512"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-58148"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/18635"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.org/files/111075/vtiger-5.1.0-local-file-inclusion.html"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4867"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4867"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "VULHUB",
"id": "VHN-58148"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "VULHUB",
"id": "VHN-58148"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"db": "NVD",
"id": "CVE-2012-4867"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-12T00:00:00",
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"date": "2012-09-12T00:00:00",
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"date": "2012-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"date": "2012-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-58148"
},
{
"date": "2012-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"date": "2012-09-06T17:55:01.707000",
"db": "NVD",
"id": "CVE-2012-4867"
},
{
"date": "2012-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-09-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"date": "2012-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-58148"
},
{
"date": "2012-09-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-004162"
},
{
"date": "2012-09-07T04:00:00",
"db": "NVD",
"id": "CVE-2012-4867"
},
{
"date": "2012-09-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM Path traversal vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2012-8109"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Path traversal",
"sources": [
{
"db": "IVD",
"id": "7d720862-463f-11e9-bdf0-000c29342cb1"
},
{
"db": "IVD",
"id": "6618136a-2353-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-201209-078"
}
],
"trust": 1.0
}
}
VAR-200610-0315
Vulnerability from variot - Updated: 2023-12-18 13:54. Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php. The affected entry points are the calpath parameter of (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, and (3) modules/Calendar/calendar.php. vtiger CRM is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow an attacker to compromise the application and the underlying system; other attacks are also possible. vtiger CRM 4.2 and prior versions are vulnerable; other versions may also be affected.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200610-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 1.9,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm",
"scope": "lte",
"trust": 0.8,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.2.4"
}
],
"sources": [
{
"db": "BID",
"id": "20435"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003290"
},
{
"db": "NVD",
"id": "CVE-2006-5289"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-203"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5289"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Dedi Dwianto is credited with the discovery of these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "20435"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-203"
}
],
"trust": 0.9
},
"cve": "CVE-2006-5289",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-5289",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-21397",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-5289",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200610-203",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-21397",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21397"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003290"
},
{
"db": "NVD",
"id": "CVE-2006-5289"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-203"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php. (1) modules/Calendar/admin/update.php To calpath Parameters (2) modules/Calendar/admin/scheme.php To calpath Parameters (3) modules/Calendar/calendar.php To calpath Parameters. vtiger CRM is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. \nThis may allow an attacker to compromise the application and the underlying system; other attacks are also possible. \nvtiger CRM 4.2 and prior versions are vulnerable; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5289"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003290"
},
{
"db": "BID",
"id": "20435"
},
{
"db": "VULHUB",
"id": "VHN-21397"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-21397",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21397"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-5289",
"trust": 2.5
},
{
"db": "BID",
"id": "20435",
"trust": 2.0
},
{
"db": "SREASON",
"id": "1722",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "2508",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003290",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200610-203",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20061009 [ECHO_ADV_54$2006]VTIGER CRM \u003c=4.2 (CALPATH) MULTIPLE REMOTE FILE INCLUSION VULNERABILITY",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "2508",
"trust": 0.6
},
{
"db": "XF",
"id": "29416",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-64076",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-21397",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21397"
},
{
"db": "BID",
"id": "20435"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003290"
},
{
"db": "NVD",
"id": "CVE-2006-5289"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-203"
}
]
},
"id": "VAR-200610-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-21397"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:54:06.688000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "vtiger CRM",
"trust": 0.8,
"url": "https://www.vtiger.com/crm/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003290"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5289"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/20435"
},
{
"trust": 1.7,
"url": "http://advisories.echo.or.id/adv/adv54-theday-2006.txt"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/1722"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/448092/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/2508"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29416"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5289"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5289"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/29416"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/448092/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/2508"
},
{
"trust": 0.6,
"url": "http://milw0rm.com/exploits/2508"
},
{
"trust": 0.3,
"url": "http://www.vtiger.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21397"
},
{
"db": "BID",
"id": "20435"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003290"
},
{
"db": "NVD",
"id": "CVE-2006-5289"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-203"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-21397"
},
{
"db": "BID",
"id": "20435"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003290"
},
{
"db": "NVD",
"id": "CVE-2006-5289"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-203"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-21397"
},
{
"date": "2006-10-10T00:00:00",
"db": "BID",
"id": "20435"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003290"
},
{
"date": "2006-10-13T20:07:00",
"db": "NVD",
"id": "CVE-2006-5289"
},
{
"date": "2006-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-203"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-21397"
},
{
"date": "2006-10-12T19:49:00",
"db": "BID",
"id": "20435"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003290"
},
{
"date": "2018-10-17T21:42:01.437000",
"db": "NVD",
"id": "CVE-2006-5289"
},
{
"date": "2006-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-203"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-203"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM In PHP Remote file inclusion vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003290"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-203"
}
],
"trust": 0.6
}
}
VAR-201901-0065
Vulnerability from variot - Updated: 2023-12-18 13:52
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php. Vtiger CRM contains an unrestricted upload of dangerous file type vulnerability (CWE-434). Information may be obtained or altered, and service operation may be disrupted (DoS). Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM, developed by the American company Vtiger. The system provides functions such as management, collection, and analysis of customer information. The affected code is in the actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php files in versions prior to Vtiger CRM 7.1.0 Hotfix2.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201901-0065",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "7.1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "7.1.0"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "7.1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger",
"version": "7.1.0 hotfix2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001735"
},
{
"db": "NVD",
"id": "CVE-2019-5009"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:7.1.0:hotfix1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5009"
}
]
},
"cve": "CVE-2019-5009",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-5009",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-156444",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-5009",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-5009",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-081",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-156444",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001735"
},
{
"db": "NVD",
"id": "CVE-2019-5009"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-081"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension \"php3\" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using \"\u003c? ?\u003e\" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php. Vtiger CRM Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. There are security vulnerabilities in the actions/CompanyDetailsSave.php file, actions/UpdateCompanyLogo.php file, and models/CompanyDetails.php file in versions prior to Vtiger CRM 7.1.0 Hotfix2",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-5009"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001735"
},
{
"db": "VULHUB",
"id": "VHN-156444"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-5009",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "46065",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001735",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-081",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-156444",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001735"
},
{
"db": "NVD",
"id": "CVE-2019-5009"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-081"
}
]
},
"id": "VAR-201901-0065",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-156444"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:52:26.657000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Fixes #1088: Santize filename uploaded with bad-extension",
"trust": 0.8,
"url": "http://code.vtiger.com/vtiger/vtigercrm/commit/52fc2fb520ddc55949c2fbedaabd61ddd0109375"
},
{
"title": "[Vtigercrm-developers] Vtiger CRM 7.1.0 (hotfix2) Released",
"trust": 0.8,
"url": "http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-january/037852.html"
},
{
"title": "Vtiger CRM Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=88280"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001735"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001735"
},
{
"db": "NVD",
"id": "CVE-2019-5009"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/46065"
},
{
"trust": 1.7,
"url": "http://code.vtiger.com/vtiger/vtigercrm/commit/52fc2fb520ddc55949c2fbedaabd61ddd0109375"
},
{
"trust": 1.7,
"url": "http://lists.vtigercrm.com/pipermail/vtigercrm-developers/2019-january/037852.html"
},
{
"trust": 1.7,
"url": "https://pentest.com.tr/exploits/vtiger-crm-7-1-0-remote-code-execution.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-5009"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-5009"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-156444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001735"
},
{
"db": "NVD",
"id": "CVE-2019-5009"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-081"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-156444"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-001735"
},
{
"db": "NVD",
"id": "CVE-2019-5009"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-081"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-156444"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001735"
},
{
"date": "2019-01-04T14:29:00.237000",
"db": "NVD",
"id": "CVE-2019-5009"
},
{
"date": "2019-01-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-081"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-24T00:00:00",
"db": "VULHUB",
"id": "VHN-156444"
},
{
"date": "2019-03-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-001735"
},
{
"date": "2019-10-24T12:31:06.643000",
"db": "NVD",
"id": "CVE-2019-5009"
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-081"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM Vulnerable to unlimited upload of dangerous types of files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-001735"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-081"
}
],
"trust": 0.6
}
}
VAR-202104-0087
Vulnerability from variot - Updated: 2023-12-18 13:51
An issue was discovered in vtiger crm 7.2: a UNION-based SQL injection in the calendar exportdata feature. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM, developed by the American company Vtiger. The system provides functions such as management, collection, and analysis of customer information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "7.2.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-22807"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:7.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-22807"
}
]
},
"cve": "CVE-2020-22807",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-176522",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2020-22807",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-22807",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-202104-2220",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-176522",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-22807",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176522"
},
{
"db": "VULMON",
"id": "CVE-2020-22807"
},
{
"db": "NVD",
"id": "CVE-2020-22807"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-2220"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was dicovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-22807"
},
{
"db": "VULHUB",
"id": "VHN-176522"
},
{
"db": "VULMON",
"id": "CVE-2020-22807"
}
],
"trust": 1.08
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-22807",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-202104-2220",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-176522",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2020-22807",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176522"
},
{
"db": "VULMON",
"id": "CVE-2020-22807"
},
{
"db": "NVD",
"id": "CVE-2020-22807"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-2220"
}
]
},
"id": "VAR-202104-0087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-176522"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:51:34.835000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "vtiger crm SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=149429"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-2220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176522"
},
{
"db": "NVD",
"id": "CVE-2020-22807"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://cloud.tencent.com/developer/article/1612208"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vtiger-crm-sql-injection-via-the-calendar-35210"
},
{
"trust": 0.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-22807"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/89.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-176522"
},
{
"db": "VULMON",
"id": "CVE-2020-22807"
},
{
"db": "NVD",
"id": "CVE-2020-22807"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-2220"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-176522"
},
{
"db": "VULMON",
"id": "CVE-2020-22807"
},
{
"db": "NVD",
"id": "CVE-2020-22807"
},
{
"db": "CNNVD",
"id": "CNNVD-202104-2220"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-29T00:00:00",
"db": "VULHUB",
"id": "VHN-176522"
},
{
"date": "2021-04-29T00:00:00",
"db": "VULMON",
"id": "CVE-2020-22807"
},
{
"date": "2021-04-29T19:15:08.827000",
"db": "NVD",
"id": "CVE-2020-22807"
},
{
"date": "2021-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-2220"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-05-19T00:00:00",
"db": "VULHUB",
"id": "VHN-176522"
},
{
"date": "2021-05-03T00:00:00",
"db": "VULMON",
"id": "CVE-2020-22807"
},
{
"date": "2021-05-19T17:00:58.930000",
"db": "NVD",
"id": "CVE-2020-22807"
},
{
"date": "2021-05-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202104-2220"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-2220"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger crm SQL Injection vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-2220"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202104-2220"
}
],
"trust": 0.6
}
}
VAR-200707-0489
Vulnerability from variot - Updated: 2023-12-18 13:45
The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. vtiger CRM is therefore prone to a remotely exploitable information-disclosure vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0489",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.0.3"
}
],
"sources": [
{
"db": "BID",
"id": "85596"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005834"
},
{
"db": "NVD",
"id": "CVE-2007-3617"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-093"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3617"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85596"
}
],
"trust": 0.3
},
"cve": "CVE-2007-3617",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2007-3617",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-26979",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-3617",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-093",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-26979",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26979"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005834"
},
{
"db": "NVD",
"id": "CVE-2007-3617"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-093"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The report module in vtiger CRM before 5.0.3 does not properly apply security rules, which allows remote authenticated users to read arbitrary private module entries. vtiger CRM is prone to a remote security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3617"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005834"
},
{
"db": "BID",
"id": "85596"
},
{
"db": "VULHUB",
"id": "VHN-26979"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3617",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "45804",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005834",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-093",
"trust": 0.6
},
{
"db": "BID",
"id": "85596",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-26979",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26979"
},
{
"db": "BID",
"id": "85596"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005834"
},
{
"db": "NVD",
"id": "CVE-2007-3617"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-093"
}
]
},
"id": "VAR-200707-0489",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26979"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:45:07.415000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "2692",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005834"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3617"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
},
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2692"
},
{
"trust": 1.7,
"url": "http://osvdb.org/45804"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3617"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3617"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26979"
},
{
"db": "BID",
"id": "85596"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005834"
},
{
"db": "NVD",
"id": "CVE-2007-3617"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-093"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26979"
},
{
"db": "BID",
"id": "85596"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005834"
},
{
"db": "NVD",
"id": "CVE-2007-3617"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-093"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-26979"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85596"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005834"
},
{
"date": "2007-07-06T19:30:00",
"db": "NVD",
"id": "CVE-2007-3617"
},
{
"date": "2007-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-093"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-26979"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85596"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005834"
},
{
"date": "2008-11-13T06:42:45.030000",
"db": "NVD",
"id": "CVE-2007-3617"
},
{
"date": "2007-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-093"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-093"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM of report Vulnerability to read arbitrary private module entries in modules",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005834"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-093"
}
],
"trust": 0.6
}
}
VAR-200707-0377
Vulnerability from variot - Updated: 2023-12-18 13:30. The SOAP web service in vtiger CRM before 5.0.3 authenticates users without checking that the account is still active, so a remote user whose account has been deactivated can still log in through the SOAP interface (as demonstrated with the Thunderbird plugin) and read or modify CRM data. On affected versions, disabling a user in the web UI therefore does not revoke that user's API access (CVE-2007-3602, CVSS v2 5.5, AV:N/AC:L/Au:S/C:P/I:P/A:N). Fixed in vtiger CRM 5.0.3; see vendor ticket 3084 and changeset 10245. vtiger CRM is prone to a remote security vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0377",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.0.3"
}
],
"sources": [
{
"db": "BID",
"id": "85621"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005821"
},
{
"db": "NVD",
"id": "CVE-2007-3602"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-106"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3602"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85621"
}
],
"trust": 0.3
},
"cve": "CVE-2007-3602",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2007-3602",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-26964",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-3602",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-106",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-26964",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26964"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005821"
},
{
"db": "NVD",
"id": "CVE-2007-3602"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-106"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that authenticated accounts are active, which allows remote authenticated users with inactive accounts to access and modify data, as demonstrated by the Thunderbird plugin. vtiger CRM is prone to a remote security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3602"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005821"
},
{
"db": "BID",
"id": "85621"
},
{
"db": "VULHUB",
"id": "VHN-26964"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3602",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005821",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-106",
"trust": 0.7
},
{
"db": "BID",
"id": "85621",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-26964",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26964"
},
{
"db": "BID",
"id": "85621"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005821"
},
{
"db": "NVD",
"id": "CVE-2007-3602"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-106"
}
]
},
"id": "VAR-200707-0377",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26964"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:30:37.835000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3084",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005821"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3602"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
},
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3084"
},
{
"trust": 2.0,
"url": "http://forums.vtiger.com/viewtopic.php?p=44233"
},
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10245"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3602"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3602"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26964"
},
{
"db": "BID",
"id": "85621"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005821"
},
{
"db": "NVD",
"id": "CVE-2007-3602"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-106"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26964"
},
{
"db": "BID",
"id": "85621"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005821"
},
{
"db": "NVD",
"id": "CVE-2007-3602"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-106"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-26964"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85621"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005821"
},
{
"date": "2007-07-06T19:30:00",
"db": "NVD",
"id": "CVE-2007-3602"
},
{
"date": "2007-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-106"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-26964"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85621"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005821"
},
{
"date": "2008-09-05T21:26:07.823000",
"db": "NVD",
"id": "CVE-2007-3602"
},
{
"date": "2007-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-106"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-106"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM of SOAP Web Data access vulnerabilities in services",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005821"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-106"
}
],
"trust": 0.6
}
}
VAR-200809-0406
Vulnerability from variot - Updated: 2023-12-18 13:30. Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php. vtiger CRM contains a cross-site scripting vulnerability: through the parameters listed above, a third party may insert arbitrary web script or HTML. vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input before reflecting it into the page. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. vtiger CRM 5.0.4 is vulnerable; other versions may also be affected. There is a cross-site scripting vulnerability in the Activities module of vtiger CRM version 5.0.4 (this sentence appears to describe a separate, related issue merged into this record). NOTE: The query_string vector has been covered by CVE-2008-3101. The application is vulnerable to simple cross-site scripting, which can be used for several issues.
Example
Assuming vtigerCRM is installed on http://localhost/vtigercrm/, one can inject JavaScript with (the payload is the same in each case; it closes the attribute the parameter value is reflected into and then injects a script element): http://localhost/vtigercrm/index.php?module=Products&action=index&parenttab="><script>alert(1);</script> http://localhost/vtigercrm/index.php?module=Users&action=Authenticate&user_password="><script>alert(1);</script> http://localhost/vtigercrm/index.php?module=Home&action=UnifiedSearch&query_string="><script>alert(1);</script>
Workaround/Fix
vtiger CRM Security Patch for 5.0.4 [1]
Disclosure Timeline
2008-07-28 Vendor contacted. 2008-07-28 Vendor fixed issue in test environment. 2008-07-30 Vendor released patch. 2008-07-30 Vendor developer stated they would release a second patch within days. 2008-09-01 Advisory published; no second patch from upstream yet.
CVE Information
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2008-3101 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org/), which standardizes names for security problems. Credits and copyright
This vulnerability was discovered by Fabian Fingerle [2] (published with help from Hanno Boeck [3]). It's licensed under the creative commons attribution license [4].
Fabian Fingerle, 2008-09-01
[1] http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload&tx_abdownloads_pi1[uid]=128&tx_abdownloads_pi1[category_uid]=5&cHash=e16be773a5 [2] http://www.fabian-fingerle.de [3] http://www.hboeck.de [4] http://creativecommons.org/licenses/by/3.0/de/
-- GPG 3D17 CAC8 1955 1908 65ED 5C51 FDA3 6A09 AB41 AB85 chaos events near stuttgart www.datensalat.eu .
Successful exploitation of this vulnerability requires that the target user has valid user credentials.
The vulnerabilities are confirmed in version 5.0.4.
SOLUTION: Apply the vendor's official patch: http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload&tx_abdownloads_pi1%5Buid%5D=128&tx_abdownloads_pi1%5Bcategory_uid%5D=5&cHash=e16be773a5
PROVIDED AND/OR DISCOVERED BY: Fabian Fingerle
ORIGINAL ADVISORY: http://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200809-0406",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 2.7,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "silentum loginsys",
"scope": "eq",
"trust": 0.3,
"vendor": "hypersilence",
"version": "1.0"
}
],
"sources": [
{
"db": "BID",
"id": "31055"
},
{
"db": "BID",
"id": "30951"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006000"
},
{
"db": "NVD",
"id": "CVE-2008-3101"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-021"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3101"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fabian Fingerle\u203b fabian@datensalat.eu",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200809-021"
}
],
"trust": 0.6
},
"cve": "CVE-2008-3101",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2008-3101",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-33226",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-3101",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200809-021",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-33226",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33226"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006000"
},
{
"db": "NVD",
"id": "CVE-2008-3101"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-021"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the parenttab parameter in an index action to the Products module, as reachable through index.php; (2) the user_password parameter in an Authenticate action to the Users module, as reachable through index.php; or (3) the query_string parameter in a UnifiedSearch action to the Home module, as reachable through index.php. vtiger CRM Contains a cross-site scripting vulnerability.Any third party, through the following parameters, Web Script or HTML May be inserted. vtiger CRM is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nvtiger CRM 5.0.4 is vulnerable; other versions may also be affected. There is a cross-site scripting vulnerability in the Activities module of vtiger CRM version 5.0.4. NOTE: The query_string vector has been covered by CVE-2008-3101.3. 
The application is vulnerable to simple Cross Site Scripting,\nwhich can be used for several isues \n\nExample\n\nAssuming vtigerCRM is installed on http://localhost/vtigercrm/, one can\ninject JavaScript with:\nhttp://localhost/vtigercrm/index.php?module=Products\u0026action=index\u0026parenttab=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e\nhttp://localhost/vtigercrm/index.php?module=Users\u0026action=Authenticate\u0026user_password=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e\nhttp://localhost/vtigercrm/index.php?module=Home\u0026action=UnifiedSearch\u0026query_string=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e\n\nWorkaround/Fix\n\nvtiger CRM Security Patch for 5.0.4 [1]\n\nDisclosure Timeline\n\n2008-07-28 Vendor contacted\n2008-07-28 Vendor fixed issue in test environment\n2008-07-30 Vender released patch\n2008-07-30 Vendor dev statet they\u0027ll release a second patch within days\n2008-09-01 published advisory, no second patch from upstream yet\n\nCVE Information\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CVE-2008-3101 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org/), which standardizes names for\nsecurity problems. Credits and copyright\n\nThis vulnerability was discovered by Fabian Fingerle [2] (published with\nhelp from Hanno Boeck [3]). It\u0027s licensed under the creative\ncommons attribution license [4]. \n\nFabian Fingerle, 2008-09-01\n\n[1] http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026cHash=e16be773a5\n[2] http://www.fabian-fingerle.de\n[3] http://www.hboeck.de\n[4] http://creativecommons.org/licenses/by/3.0/de/\n\n-- \n_GPG_ 3D17 CAC8 1955 1908 65ED 5C51 FDA3 6A09 AB41 AB85\n_chaos events near stuttgart_ www.datensalat.eu\n. 
\n\nSuccessful exploitation of this vulnerability requires that the\ntarget user has valid user credentials. \n\nThe vulnerabilities are confirmed in version 5.0.4. \n\nSOLUTION:\nApply the vendor\u0027s official patch:\nhttp://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5Baction%5D=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5Buid%5D=128\u0026tx_abdownloads_pi1%5Bcategory_uid%5D=5\u0026cHash=e16be773a5\n\nPROVIDED AND/OR DISCOVERED BY:\nFabian Fingerle\n\nORIGINAL ADVISORY:\nhttp://www.datensalat.eu/~fabian/cve/CVE-2008-3101-vtigerCRM.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3101"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006000"
},
{
"db": "BID",
"id": "31055"
},
{
"db": "BID",
"id": "30951"
},
{
"db": "VULHUB",
"id": "VHN-33226"
},
{
"db": "PACKETSTORM",
"id": "69548"
},
{
"db": "PACKETSTORM",
"id": "69521"
}
],
"trust": 2.43
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-33226",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33226"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3101",
"trust": 3.3
},
{
"db": "BID",
"id": "30951",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "31679",
"trust": 1.9
},
{
"db": "SREASON",
"id": "4208",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2471",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006000",
"trust": 0.8
},
{
"db": "XF",
"id": "44792",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080901 MULTIPLE CROSS SITE SCRIPTING (XSS) VULNERABILITIES IN VTIGERCRM 5.0.4, CVE-2008-3101",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200809-021",
"trust": 0.6
},
{
"db": "BID",
"id": "31055",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "69548",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-85602",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "32307",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-33226",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69521",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33226"
},
{
"db": "BID",
"id": "31055"
},
{
"db": "BID",
"id": "30951"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006000"
},
{
"db": "PACKETSTORM",
"id": "69548"
},
{
"db": "PACKETSTORM",
"id": "69521"
},
{
"db": "NVD",
"id": "CVE-2008-3101"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-021"
}
]
},
"id": "VAR-200809-0406",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-33226"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:30:21.183000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "vtiger CRM",
"trust": 0.8,
"url": "https://www.vtiger.com/crm/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-006000"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33226"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006000"
},
{
"db": "NVD",
"id": "CVE-2008-3101"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.datensalat.eu/~fabian/cve/cve-2008-3101-vtigercrm.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/30951"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31679"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/4208"
},
{
"trust": 1.7,
"url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5baction%5d=getviewdetailsfordownload\u0026tx_abdownloads_pi1%5buid%5d=128\u0026tx_abdownloads_pi1%5bcategory_uid%5d=5\u0026chash=e16be773a5"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/495885/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/2471"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44792"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3101"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3101"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44792"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495885/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2471"
},
{
"trust": 0.4,
"url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1[action]=getviewdetailsfordownload\u0026tx_abdownloads_pi1[uid]=128\u0026tx_abdownloads_pi1[category_uid]=5\u0026chash=e16be773a5"
},
{
"trust": 0.3,
"url": "http://hypersilence.net/silentum_loginsys.php"
},
{
"trust": 0.3,
"url": "msg://bugtraq/20080901112401.4a51701a@mobile.fabian.datensalat.eu"
},
{
"trust": 0.3,
"url": "www.vtiger.de"
},
{
"trust": 0.1,
"url": "http://www.vtiger.de/vtiger-crm/downloads/patches.html?tx_abdownloads_pi1%5baction%5d=getviewdetailsfordownload\u0026amp;tx_abdownloads_pi1%5buid%5d=128\u0026amp;tx_abdownloads_pi1%5bcategory_uid%5d=5\u0026amp;chash=e16be773a5"
},
{
"trust": 0.1,
"url": "http://www.vtiger.de/"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/),"
},
{
"trust": 0.1,
"url": "http://www.hboeck.de"
},
{
"trust": 0.1,
"url": "https://www.datensalat.eu"
},
{
"trust": 0.1,
"url": "http://localhost/vtigercrm/index.php?module=home\u0026action=unifiedsearch\u0026query_string=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e"
},
{
"trust": 0.1,
"url": "http://www.fabian-fingerle.de"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-3101"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by/3.0/de/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3101"
},
{
"trust": 0.1,
"url": "http://localhost/vtigercrm/,"
},
{
"trust": 0.1,
"url": "http://localhost/vtigercrm/index.php?module=products\u0026action=index\u0026parenttab=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e"
},
{
"trust": 0.1,
"url": "http://localhost/vtigercrm/index.php?module=users\u0026action=authenticate\u0026user_password=\"\u003e\u003cscript\u003ealert(1);\u003c/script\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31679/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14762/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33226"
},
{
"db": "BID",
"id": "31055"
},
{
"db": "BID",
"id": "30951"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006000"
},
{
"db": "PACKETSTORM",
"id": "69548"
},
{
"db": "PACKETSTORM",
"id": "69521"
},
{
"db": "NVD",
"id": "CVE-2008-3101"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-021"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-33226"
},
{
"db": "BID",
"id": "31055"
},
{
"db": "BID",
"id": "30951"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006000"
},
{
"db": "PACKETSTORM",
"id": "69548"
},
{
"db": "PACKETSTORM",
"id": "69521"
},
{
"db": "NVD",
"id": "CVE-2008-3101"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-021"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-03T00:00:00",
"db": "VULHUB",
"id": "VHN-33226"
},
{
"date": "2008-09-06T00:00:00",
"db": "BID",
"id": "31055"
},
{
"date": "2008-09-01T00:00:00",
"db": "BID",
"id": "30951"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-006000"
},
{
"date": "2008-09-03T02:42:07",
"db": "PACKETSTORM",
"id": "69548"
},
{
"date": "2008-09-03T00:17:02",
"db": "PACKETSTORM",
"id": "69521"
},
{
"date": "2008-09-03T14:12:00",
"db": "NVD",
"id": "CVE-2008-3101"
},
{
"date": "2008-09-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-021"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-33226"
},
{
"date": "2008-09-09T17:11:00",
"db": "BID",
"id": "31055"
},
{
"date": "2008-09-01T00:00:00",
"db": "BID",
"id": "30951"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-006000"
},
{
"date": "2023-11-07T02:02:24.423000",
"db": "NVD",
"id": "CVE-2008-3101"
},
{
"date": "2009-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200809-021"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "31055"
},
{
"db": "BID",
"id": "30951"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM Multiple Cross-Site Scripting Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "30951"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-021"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "xss",
"sources": [
{
"db": "PACKETSTORM",
"id": "69548"
},
{
"db": "PACKETSTORM",
"id": "69521"
},
{
"db": "CNNVD",
"id": "CNNVD-200809-021"
}
],
"trust": 0.8
}
}
VAR-201411-0075
Vulnerability from variot - Updated: 2023-12-18 13:29 — views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. vtiger CRM is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. Exploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. vtiger CRM 6.0 is vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company, which provides functions such as management, collection and analysis of customer information. Install Module is one of the installation modules. Reviewer note: the NVD CVSSv2 vector recorded in this entry (AV:N/AC:L/Au:N/C:N/I:N/A:P, base 5.0, availability impact only) understates the outcome the description itself states — unauthenticated re-installation leading to arbitrary PHP execution; the entry also lists Exploit-DB 32794 and a Metasploit module (exploit/multi/http/vtiger_install_rce), so an exposed vTiger 6.0 instance without Security Patch 2 should be treated as critical regardless of the recorded score.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "5.2.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "5.4.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "5.1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "6.0.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "5.3.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.3"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "2.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "3.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "3.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "2.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger",
"version": "6.0 security patch 2"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "6.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "6.0"
}
],
"sources": [
{
"db": "BID",
"id": "66758"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005475"
},
{
"db": "NVD",
"id": "CVE-2014-2268"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-544"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:6.0.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:6.0.0:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:3.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:6.0.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2268"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jonathan of Navixia Research Team",
"sources": [
{
"db": "BID",
"id": "66758"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-544"
}
],
"trust": 0.9
},
"cve": "CVE-2014-2268",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-2268",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-70207",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2268",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-544",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70207",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2014-2268",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70207"
},
{
"db": "VULMON",
"id": "CVE-2014-2268"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005475"
},
{
"db": "NVD",
"id": "CVE-2014-2268"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-544"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. vtiger CRM is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input. \nExploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. \nvtiger CRM 6.0 is vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company, which provides functions such as management, collection and analysis of customer information. Install Module is one of the installation modules",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2268"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005475"
},
{
"db": "BID",
"id": "66758"
},
{
"db": "VULHUB",
"id": "VHN-70207"
},
{
"db": "VULMON",
"id": "CVE-2014-2268"
}
],
"trust": 2.07
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-70207",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32794",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70207"
},
{
"db": "VULMON",
"id": "CVE-2014-2268"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2268",
"trust": 2.9
},
{
"db": "BID",
"id": "66757",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "32794",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005475",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201406-544",
"trust": 0.7
},
{
"db": "BID",
"id": "66758",
"trust": 0.5
},
{
"db": "PACKETSTORM",
"id": "126067",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-86064",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-70207",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-2268",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70207"
},
{
"db": "VULMON",
"id": "CVE-2014-2268"
},
{
"db": "BID",
"id": "66758"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005475"
},
{
"db": "NVD",
"id": "CVE-2014-2268"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-544"
}
]
},
"id": "VAR-201411-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-70207"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:29:45.848000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "IMP: forgot password and re-installation security fix",
"trust": 0.8,
"url": "http://vtiger-crm.2324883.n4.nabble.com/vtigercrm-developers-imp-forgot-password-and-re-installation-security-fix-tt9786.html"
},
{
"title": "vtigercrm-600-security-patch3",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52472"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005475"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-544"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70207"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005475"
},
{
"db": "NVD",
"id": "CVE-2014-2268"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html"
},
{
"trust": 2.1,
"url": "http://vtiger-crm.2324883.n4.nabble.com/vtigercrm-developers-imp-forgot-password-and-re-installation-security-fix-tt9786.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/66757"
},
{
"trust": 1.8,
"url": "http://www.exploit-db.com/exploits/32794"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2268"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2268"
},
{
"trust": 0.3,
"url": "http://www.vtiger.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/32794/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/multi/http/vtiger_install_rce"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/66758"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70207"
},
{
"db": "VULMON",
"id": "CVE-2014-2268"
},
{
"db": "BID",
"id": "66758"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005475"
},
{
"db": "NVD",
"id": "CVE-2014-2268"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-544"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-70207"
},
{
"db": "VULMON",
"id": "CVE-2014-2268"
},
{
"db": "BID",
"id": "66758"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005475"
},
{
"db": "NVD",
"id": "CVE-2014-2268"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-544"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-16T00:00:00",
"db": "VULHUB",
"id": "VHN-70207"
},
{
"date": "2014-11-16T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2268"
},
{
"date": "2014-04-10T00:00:00",
"db": "BID",
"id": "66758"
},
{
"date": "2014-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005475"
},
{
"date": "2014-11-16T01:59:00.130000",
"db": "NVD",
"id": "CVE-2014-2268"
},
{
"date": "2014-04-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-544"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-20T00:00:00",
"db": "VULHUB",
"id": "VHN-70207"
},
{
"date": "2017-11-20T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2268"
},
{
"date": "2014-04-10T00:00:00",
"db": "BID",
"id": "66758"
},
{
"date": "2014-11-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005475"
},
{
"date": "2017-11-20T18:27:19.483000",
"db": "NVD",
"id": "CVE-2014-2268"
},
{
"date": "2014-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-544"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-544"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vTiger Of installation modules views/Index.php Vulnerable to application reinstallation",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005475"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-544"
}
],
"trust": 0.6
}
}
VAR-201404-0332
Vulnerability from variot - Updated: 2023-12-18 13:29
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters. vtiger CRM is prone to a security-bypass vulnerability. An attacker can exploit this issue to change a user's password, thereby aiding in further attacks. vtiger CRM 6.0 is vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. There is a security hole in the modules/Users/ForgotPassword.php file of Vtiger CRM 6.0.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201404-0332",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "6.0.0"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "6.0 security patch 2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002214"
},
{
"db": "NVD",
"id": "CVE-2014-2269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-432"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2269"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jonathan of Navixia Research Team",
"sources": [
{
"db": "BID",
"id": "66757"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2269",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-2269",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-70208",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2269",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201404-432",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-70208",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70208"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002214"
},
{
"db": "NVD",
"id": "CVE-2014-2269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-432"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters. vtiger CRM is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to change a user\u0027s password, thereby aiding in further attacks. \nvtiger CRM 6.0 is vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. There is a security hole in the modules/Users/ForgotPassword.php file of Vtiger CRM6.0 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2269"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002214"
},
{
"db": "BID",
"id": "66757"
},
{
"db": "VULHUB",
"id": "VHN-70208"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2269",
"trust": 2.8
},
{
"db": "BID",
"id": "66758",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002214",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201404-432",
"trust": 0.7
},
{
"db": "MLIST",
"id": "[VTIGERCRM-DEVELOPERS] 20140316 IMP: FORGOT PASSWORD AND RE-INSTALLATION SECURITY FIX",
"trust": 0.6
},
{
"db": "BID",
"id": "66757",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-70208",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70208"
},
{
"db": "BID",
"id": "66757"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002214"
},
{
"db": "NVD",
"id": "CVE-2014-2269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-432"
}
]
},
"id": "VAR-201404-0332",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-70208"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:29:45.880000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "IMP: forgot password and re-installation security fix",
"trust": 0.8,
"url": "http://vtiger-crm.2324883.n4.nabble.com/vtigercrm-developers-imp-forgot-password-and-re-installation-security-fix-tt9786.html"
},
{
"title": "vtigercrm-600-security-patch2",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=49462"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002214"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-432"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70208"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002214"
},
{
"db": "NVD",
"id": "CVE-2014-2269"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/66758"
},
{
"trust": 1.7,
"url": "http://vtiger-crm.2324883.n4.nabble.com/vtigercrm-developers-imp-forgot-password-and-re-installation-security-fix-tt9786.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2269"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2269"
},
{
"trust": 0.3,
"url": "www.vtiger.de"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70208"
},
{
"db": "BID",
"id": "66757"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002214"
},
{
"db": "NVD",
"id": "CVE-2014-2269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-432"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-70208"
},
{
"db": "BID",
"id": "66757"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002214"
},
{
"db": "NVD",
"id": "CVE-2014-2269"
},
{
"db": "CNNVD",
"id": "CNNVD-201404-432"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-70208"
},
{
"date": "2014-04-10T00:00:00",
"db": "BID",
"id": "66757"
},
{
"date": "2014-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002214"
},
{
"date": "2014-04-22T13:06:28.523000",
"db": "NVD",
"id": "CVE-2014-2269"
},
{
"date": "2014-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-432"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-04-22T00:00:00",
"db": "VULHUB",
"id": "VHN-70208"
},
{
"date": "2014-04-10T00:00:00",
"db": "BID",
"id": "66757"
},
{
"date": "2014-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002214"
},
{
"date": "2014-04-22T16:31:24.980000",
"db": "NVD",
"id": "CVE-2014-2269"
},
{
"date": "2014-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201404-432"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-432"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger of modules/Users/ForgotPassword.php Vulnerable to password reset for arbitrary users",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-002214"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201404-432"
}
],
"trust": 0.6
}
}
VAR-200707-0488
Vulnerability from variot - Updated: 2023-12-18 13:15
index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. vtiger CRM is prone to a denial-of-service vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0488",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.0.3"
}
],
"sources": [
{
"db": "BID",
"id": "85611"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003710"
},
{
"db": "NVD",
"id": "CVE-2007-3616"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-116"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3616"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85611"
}
],
"trust": 0.3
},
"cve": "CVE-2007-3616",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2007-3616",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-26978",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-3616",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-116",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-26978",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26978"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003710"
},
{
"db": "NVD",
"id": "CVE-2007-3616"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-116"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. vtiger CRM is prone to a denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3616"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003710"
},
{
"db": "BID",
"id": "85611"
},
{
"db": "VULHUB",
"id": "VHN-26978"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3616",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003710",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-116",
"trust": 0.7
},
{
"db": "BID",
"id": "85611",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-26978",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26978"
},
{
"db": "BID",
"id": "85611"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003710"
},
{
"db": "NVD",
"id": "CVE-2007-3616"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-116"
}
]
},
"id": "VAR-200707-0488",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26978"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:15:41.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "2237",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2237"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003710"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3616"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
},
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2237"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3616"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3616"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26978"
},
{
"db": "BID",
"id": "85611"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003710"
},
{
"db": "NVD",
"id": "CVE-2007-3616"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-116"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26978"
},
{
"db": "BID",
"id": "85611"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003710"
},
{
"db": "NVD",
"id": "CVE-2007-3616"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-116"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-26978"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85611"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003710"
},
{
"date": "2007-07-06T19:30:00",
"db": "NVD",
"id": "CVE-2007-3616"
},
{
"date": "2007-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-116"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-26978"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85611"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003710"
},
{
"date": "2008-09-05T21:26:09.963000",
"db": "NVD",
"id": "CVE-2007-3616"
},
{
"date": "2007-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-116"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-116"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM of index.php Vulnerable to management changes",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003710"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-116"
}
],
"trust": 0.6
}
}
VAR-201112-0339
Vulnerability from variot - Updated: 2023-12-18 13:15
vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report. Vtiger CRM is a Web-based Sales Force Automation (SFA)-based Customer Relationship Management System (CRM). A vulnerability exists in versions prior to vtiger CRM 5.3.0 that stems from the inability to correctly identify the disabled status of a field in the Leads module. vtiger CRM is prone to a security-bypass vulnerability. Attackers may exploit the issue to bypass certain unspecified security restrictions and gain unauthorized access. Versions prior to vtiger CRM 5.3.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lt",
"trust": 1.8,
"vendor": "vtiger",
"version": "5.3.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.3"
},
{
"model": "crm",
"scope": "lte",
"trust": 0.6,
"vendor": "vtiger",
"version": "\u003c=5.2.x"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5.1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5.0.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5.2.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "*"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm rc",
"scope": "eq",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "ne",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.3"
}
],
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "BID",
"id": "51024"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "5.3.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4679"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "pratim",
"sources": [
{
"db": "BID",
"id": "51024"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4679",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4679",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2011-5717",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "7d716c21-463f-11e9-be3d-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-52624",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4679",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2011-5717",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-080",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52624",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "VULHUB",
"id": "VHN-52624"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). A vulnerability exists in versions prior to vtiger CRM 5.3.0 that stems from the inability to correctly identify the status of a defective field in the Leads module. vtiger CRM is prone to a security-bypass vulnerability. \nAttackers may exploit the issue to bypass certain unspecified security restrictions and gain unauthorized access. \nVersions prior to vtiger CRM 5.3.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4679"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "BID",
"id": "51024"
},
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52624"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4679",
"trust": 3.8
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080",
"trust": 1.1
},
{
"db": "CNVD",
"id": "CNVD-2011-5717",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299",
"trust": 0.8
},
{
"db": "BID",
"id": "51024",
"trust": 0.4
},
{
"db": "IVD",
"id": "7D716C21-463F-11E9-BE3D-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "57CA12F8-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52624",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "VULHUB",
"id": "VHN-52624"
},
{
"db": "BID",
"id": "51024"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
]
},
"id": "VAR-201112-0339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "VULHUB",
"id": "VHN-52624"
}
],
"trust": 1.6291666400000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
}
]
},
"last_update_date": "2023-12-18T13:15:05.596000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ticket #7003",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003"
},
{
"title": "Ticket #7004",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7004"
},
{
"title": "Oct2011:ODUpdate",
"trust": 0.8,
"url": "http://wiki.vtiger.com/index.php/oct2011:odupdate"
},
{
"title": "Patch for vtiger CRM Leads module security vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/37813"
},
{
"title": "vtigercrm-521-530-patch",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=41995"
},
{
"title": "vtigercrm-5.3.0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=41994"
},
{
"title": "vtigercrm-5.3.0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=41993"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52624"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003"
},
{
"trust": 2.0,
"url": "http://wiki.vtiger.com/index.php/oct2011:odupdate"
},
{
"trust": 1.7,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7004"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4679"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4679"
},
{
"trust": 0.3,
"url": "http://www.vtiger.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "VULHUB",
"id": "VHN-52624"
},
{
"db": "BID",
"id": "51024"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "VULHUB",
"id": "VHN-52624"
},
{
"db": "BID",
"id": "51024"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"db": "NVD",
"id": "CVE-2011-4679"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"date": "2011-12-08T00:00:00",
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"date": "2011-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-52624"
},
{
"date": "2011-01-04T00:00:00",
"db": "BID",
"id": "51024"
},
{
"date": "2011-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"date": "2011-12-07T19:55:02.440000",
"db": "NVD",
"id": "CVE-2011-4679"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"date": "2017-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52624"
},
{
"date": "2011-01-04T00:00:00",
"db": "BID",
"id": "51024"
},
{
"date": "2011-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003299"
},
{
"date": "2017-11-22T16:05:10.707000",
"db": "NVD",
"id": "CVE-2011-4679"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM Leads Module Security Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d716c21-463f-11e9-be3d-000c29342cb1"
},
{
"db": "IVD",
"id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5717"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-080"
}
],
"trust": 0.6
}
}
VAR-201905-0625
Vulnerability from variot - Updated: 2023-12-18 13:13
modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter. Vtiger CRM contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. The system provides functions such as management, collection, and analysis of customer information. The vulnerability stems from insufficient validation of externally supplied input that is used to build SQL statements in a database-backed application. Attackers can exploit this vulnerability to execute unauthorized SQL commands.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201905-0625",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 1.8,
"vendor": "vtiger",
"version": "6.5.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009340"
},
{
"db": "NVD",
"id": "CVE-2016-10754"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:6.5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10754"
}
]
},
"cve": "CVE-2016-10754",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-10754",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-89562",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-10754",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-10754",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201905-1005",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-89562",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89562"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009340"
},
{
"db": "NVD",
"id": "CVE-2016-10754"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1005"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "modules/Calendar/Activity.php in Vtiger CRM 6.5.0 allows SQL injection via the contactidlist parameter. Vtiger CRM Is SQL An injection vulnerability exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability stems from the lack of verification of externally input SQL statements in database-based applications. Attackers can exploit this vulnerability to execute illegal SQL commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-10754"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009340"
},
{
"db": "VULHUB",
"id": "VHN-89562"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-10754",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009340",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1005",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-89562",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89562"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009340"
},
{
"db": "NVD",
"id": "CVE-2016-10754"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1005"
}
]
},
"id": "VAR-201905-0625",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-89562"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:13:27.781000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.vtiger.com/"
},
{
"title": "Vtiger CRM SQL Repair measures for injecting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=92961"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009340"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89562"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009340"
},
{
"db": "NVD",
"id": "CVE-2016-10754"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://blog.ripstech.com/2016/vtiger-sql-injection/"
},
{
"trust": 1.7,
"url": "https://demo.ripstech.com/projects/vtiger_6.5.0"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-10754"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10754"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89562"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009340"
},
{
"db": "NVD",
"id": "CVE-2016-10754"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1005"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-89562"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-009340"
},
{
"db": "NVD",
"id": "CVE-2016-10754"
},
{
"db": "CNNVD",
"id": "CNNVD-201905-1005"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-89562"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009340"
},
{
"date": "2019-05-24T18:29:00.410000",
"db": "NVD",
"id": "CVE-2016-10754"
},
{
"date": "2019-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-1005"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-29T00:00:00",
"db": "VULHUB",
"id": "VHN-89562"
},
{
"date": "2019-06-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-009340"
},
{
"date": "2019-05-29T16:43:01.130000",
"db": "NVD",
"id": "CVE-2016-10754"
},
{
"date": "2019-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201905-1005"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-1005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM In SQL Injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-009340"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201905-1005"
}
],
"trust": 0.6
}
}
VAR-201906-1070
Vulnerability from variot - Updated: 2023-12-18 13:08
vtiger CRM 7.0.1 is affected by a reflected Cross-Site Scripting (XSS) vulnerability affecting version 7.0.1 and probably prior versions. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts&view=List (app parameter). vtiger CRM contains a cross-site scripting vulnerability. Information may be obtained or altered. Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. The system provides functions such as management, collection, and analysis of customer information. The vulnerability stems from insufficient validation of client-supplied data in the web application. An attacker could exploit this vulnerability to execute client-side code.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-1070",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.8,
"vendor": "vtiger",
"version": "7.0.1"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015583"
},
{
"db": "NVD",
"id": "CVE-2018-8047"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.0.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8047"
}
]
},
"cve": "CVE-2018-8047",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-8047",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-138079",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-8047",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8047",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-265",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138079",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138079"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015583"
},
{
"db": "NVD",
"id": "CVE-2018-8047"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-265"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM 7.0.1 is affected by a reflected cross-site scripting (XSS) vulnerability; prior versions are probably also affected. This vulnerability could allow remote unauthenticated attackers to inject arbitrary web script or HTML via index.php?module=Contacts\u0026view=List (app parameter). vtiger CRM contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM, developed by the US company Vtiger. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability stems from the lack of correct validation of client-supplied data in the web application. An attacker could exploit this vulnerability to execute client-side script in the browser of a user who follows a crafted link",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8047"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015583"
},
{
"db": "VULHUB",
"id": "VHN-138079"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8047",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015583",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-265",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-138079",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138079"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015583"
},
{
"db": "NVD",
"id": "CVE-2018-8047"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-265"
}
]
},
"id": "VAR-201906-1070",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138079"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:08:03.105000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.vtiger.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015583"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138079"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015583"
},
{
"db": "NVD",
"id": "CVE-2018-8047"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.wizlynxgroup.com/security-research-advisories/vuln/wlx-2018-001"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8047"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8047"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/vtiger-crm-cross-site-scripting-29485"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138079"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015583"
},
{
"db": "NVD",
"id": "CVE-2018-8047"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-265"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138079"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015583"
},
{
"db": "NVD",
"id": "CVE-2018-8047"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-265"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-06T00:00:00",
"db": "VULHUB",
"id": "VHN-138079"
},
{
"date": "2019-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015583"
},
{
"date": "2019-06-06T19:29:00.250000",
"db": "NVD",
"id": "CVE-2018-8047"
},
{
"date": "2019-06-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-265"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-07T00:00:00",
"db": "VULHUB",
"id": "VHN-138079"
},
{
"date": "2019-06-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015583"
},
{
"date": "2019-06-07T18:39:08.160000",
"db": "NVD",
"id": "CVE-2018-8047"
},
{
"date": "2019-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-265"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-265"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015583"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-265"
}
],
"trust": 0.6
}
}
VAR-201112-0340
Vulnerability from variot - Updated: 2023-12-18 13:04 Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vtiger CRM is a web-based customer relationship management (CRM) system built around sales force automation (SFA). Attackers can craft malicious web pages, entice users to open them, and obtain sensitive information or hijack user sessions. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to vtiger CRM 5.2.0 are vulnerable. Note that the sources below disagree on the upper bound: the NVD configuration for CVE-2011-4680 lists 5.2.1 as vulnerable, while the BID record marks 5.2, 5.2.1 and 5.3 as not vulnerable, so treat installations at 5.2.x as unconfirmed rather than safe. The management system provides functions such as management, collection, and analysis of customer information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201112-0340",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 2.5,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 2.5,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 2.5,
"vendor": "vtiger",
"version": "5.0.3"
},
{
"model": "crm",
"scope": "eq",
"trust": 2.5,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "5.1.0"
},
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "2.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "3.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "2.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "3.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "3"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4.0.1"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "4.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "1.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "2.0"
},
{
"model": "crm rc",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": "rc",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger crm",
"version": "4"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger crm",
"version": "4.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "5"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "3.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.4,
"vendor": "vtiger crm",
"version": "5.0.4"
},
{
"model": "crm",
"scope": "ne",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.3"
},
{
"model": "crm",
"scope": "ne",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2.1"
},
{
"model": "crm",
"scope": "ne",
"trust": 0.3,
"vendor": "vtiger",
"version": "5.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "2.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "2.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "2.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "3.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "4.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "4.0.1"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "4.2.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "5.0.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "5.0.2"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "5.0.3"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "*"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "5.1.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "vtiger crm",
"version": "5.2.1"
}
],
"sources": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "BID",
"id": "51023"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.2:*:validation:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.2:patch1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:3.0:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.4:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.1.0:rc:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4:beta:*:it:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4680"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "51023"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4680",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-4680",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "57d70116-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-52625",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4680",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201112-081",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-52625",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52625"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vtiger CRM is a web-based customer relationship management (CRM) system built around sales force automation (SFA). Attackers can craft malicious web pages, entice users to open them, and obtain sensitive information or hijack user sessions. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nVersions prior to vtiger CRM 5.2.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4680"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "BID",
"id": "51023"
},
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-52625"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-4680",
"trust": 3.6
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2011-5252",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300",
"trust": 0.8
},
{
"db": "BID",
"id": "51023",
"trust": 0.4
},
{
"db": "IVD",
"id": "57D70116-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52625",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "VULHUB",
"id": "VHN-52625"
},
{
"db": "BID",
"id": "51023"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
]
},
"id": "VAR-201112-0340",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "VULHUB",
"id": "VHN-52625"
}
],
"trust": 1.5395833200000002
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.8
}
],
"sources": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
}
]
},
"last_update_date": "2023-12-18T13:04:23.979000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Jan2011:ODUpdate",
"trust": 0.8,
"url": "http://wiki.vtiger.com/index.php/jan2011:odupdate"
},
{
"title": "Patch for vtiger CRM Cross-Site Scripting Vulnerability (CNVD-2011-5252)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6258"
},
{
"title": "vtigercrm-521-530-patch",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=41995"
},
{
"title": "vtigercrm-5.3.0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=41994"
},
{
"title": "vtigercrm-5.3.0",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=41993"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52625"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://wiki.vtiger.com/index.php/jan2011:odupdate"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4680"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4680"
},
{
"trust": 0.6,
"url": "http://wiki.vtiger.com/index.php/jan2011"
},
{
"trust": 0.3,
"url": "www.vtiger.de"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "VULHUB",
"id": "VHN-52625"
},
{
"db": "BID",
"id": "51023"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"db": "VULHUB",
"id": "VHN-52625"
},
{
"db": "BID",
"id": "51023"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"db": "NVD",
"id": "CVE-2011-4680"
},
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-14T00:00:00",
"db": "IVD",
"id": "57d70116-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2011-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"date": "2011-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-52625"
},
{
"date": "2011-12-12T00:00:00",
"db": "BID",
"id": "51023"
},
{
"date": "2011-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"date": "2011-12-07T19:55:02.470000",
"db": "NVD",
"id": "CVE-2011-4680"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5252"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-52625"
},
{
"date": "2011-12-12T00:00:00",
"db": "BID",
"id": "51023"
},
{
"date": "2011-12-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003300"
},
{
"date": "2018-10-30T16:25:41.670000",
"db": "NVD",
"id": "CVE-2011-4680"
},
{
"date": "2011-12-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003300"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201112-081"
}
],
"trust": 0.6
}
}
VAR-202002-0570
Vulnerability from variot - Updated: 2023-12-18 13:01 vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execution Vulnerability. vTiger CRM contains an unrestricted-upload-of-dangerous-file-types vulnerability. Information may be obtained, information may be tampered with, and service operation may be interrupted (a denial-of-service condition). An attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. vTiger CRM 5.3.0 and 5.4.0 are vulnerable; other versions may also be affected. Note that the NVD CVSS v2 vector for CVE-2013-3591 (AV:N/AC:L/Au:S/C:P/I:P/A:P) records single authentication, so exploitation is expected to require a valid CRM login rather than being reachable anonymously. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM, developed by the US company Vtiger. The management system provides functions such as management, collection, and analysis of customer information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0570",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 1.3,
"vendor": "vtiger",
"version": "5.4.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.1,
"vendor": "vtiger",
"version": "5.3"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.3.0"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.4"
}
],
"sources": [
{
"db": "BID",
"id": "63454"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007192"
},
{
"db": "NVD",
"id": "CVE-2013-3591"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.3.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:5.4.0:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3591"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brandon Perry",
"sources": [
{
"db": "BID",
"id": "63454"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-746"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3591",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2013-007192",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-63593",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2013-007192",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3591",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2013-007192",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-746",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-63593",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63593"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007192"
},
{
"db": "NVD",
"id": "CVE-2013-3591"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-746"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vTiger CRM 5.3 and 5.4: \u0027files\u0027 Upload Folder Arbitrary PHP Code Execution Vulnerability. vTiger CRM contains a vulnerability related to unrestricted upload of dangerous file types. Information may be obtained or tampered with, and service operation may be interrupted (DoS). \nAn attacker can exploit this issue to inject and execute arbitrary PHP code in the context of the affected application. This may facilitate a compromise of the application and the underlying system; other attacks are also possible. \nvTiger CRM 5.3.0 and 5.4.0 are vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM, developed by the American company Vtiger. The management system provides functions such as management, collection, and analysis of customer information",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3591"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007192"
},
{
"db": "BID",
"id": "63454"
},
{
"db": "VULHUB",
"id": "VHN-63593"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-63593",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63593"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3591",
"trust": 2.8
},
{
"db": "BID",
"id": "63454",
"trust": 2.8
},
{
"db": "EXPLOIT-DB",
"id": "29319",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007192",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-746",
"trust": 0.7
},
{
"db": "SEEBUG",
"id": "SSVID-82831",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123858",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-63593",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63593"
},
{
"db": "BID",
"id": "63454"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007192"
},
{
"db": "NVD",
"id": "CVE-2013-3591"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-746"
}
]
},
"id": "VAR-202002-0570",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63593"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T13:01:54.112000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://sourceforge.net/projects/vtigercrm/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007192"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63593"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007192"
},
{
"db": "NVD",
"id": "CVE-2013-3591"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/63454"
},
{
"trust": 2.0,
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/29319"
},
{
"trust": 1.7,
"url": "https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-foss-disclosures-part-one"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-3591"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3591"
},
{
"trust": 0.3,
"url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20crm%205.1.0/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63593"
},
{
"db": "BID",
"id": "63454"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007192"
},
{
"db": "NVD",
"id": "CVE-2013-3591"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-746"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63593"
},
{
"db": "BID",
"id": "63454"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007192"
},
{
"db": "NVD",
"id": "CVE-2013-3591"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-746"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-07T00:00:00",
"db": "VULHUB",
"id": "VHN-63593"
},
{
"date": "2013-10-30T00:00:00",
"db": "BID",
"id": "63454"
},
{
"date": "2020-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007192"
},
{
"date": "2020-02-07T15:15:10.383000",
"db": "NVD",
"id": "CVE-2013-3591"
},
{
"date": "2013-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-746"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-11T00:00:00",
"db": "VULHUB",
"id": "VHN-63593"
},
{
"date": "2013-10-30T00:00:00",
"db": "BID",
"id": "63454"
},
{
"date": "2020-02-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007192"
},
{
"date": "2020-02-11T19:40:42.467000",
"db": "NVD",
"id": "CVE-2013-3591"
},
{
"date": "2020-05-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-746"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-746"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vTiger CRM vulnerability in unrestricted upload of dangerous file types",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007192"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-746"
}
],
"trust": 0.6
}
}
VAR-200609-0075
Vulnerability from variot - Updated: 2023-12-18 12:59. Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.8,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "4.2.4"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003122"
},
{
"db": "NVD",
"id": "CVE-2006-4617"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-055"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4617"
}
]
},
"cve": "CVE-2006-4617",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-4617",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-20725",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4617",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-055",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-20725",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20725"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003122"
},
{
"db": "NVD",
"id": "CVE-2006-4617"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-055"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4617"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003122"
},
{
"db": "VULHUB",
"id": "VHN-20725"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-4617",
"trust": 2.5
},
{
"db": "OSVDB",
"id": "28459",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003122",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200609-055",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-20725",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20725"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003122"
},
{
"db": "NVD",
"id": "CVE-2006-4617"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-055"
}
]
},
"id": "VAR-200609-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20725"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T12:59:13.065000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "vtiger CRM",
"trust": 0.8,
"url": "https://www.vtiger.com/crm/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003122"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4617"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.security-net.biz/adv/d3906a.txt"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28459"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4617"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4617"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20725"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003122"
},
{
"db": "NVD",
"id": "CVE-2006-4617"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-055"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-20725"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003122"
},
{
"db": "NVD",
"id": "CVE-2006-4617"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-055"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-20725"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003122"
},
{
"date": "2006-09-07T00:04:00",
"db": "NVD",
"id": "CVE-2006-4617"
},
{
"date": "2006-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-055"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-20725"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003122"
},
{
"date": "2008-09-05T21:10:09.613000",
"db": "NVD",
"id": "CVE-2006-4617"
},
{
"date": "2006-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-055"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-055"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM fileupload.html vulnerable to arbitrary file upload",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003122"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-055"
}
],
"trust": 0.6
}
}
VAR-200707-0374
Vulnerability from variot - Updated: 2023-12-18 12:59. vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. vtiger CRM is prone to a remote security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0374",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.0.3"
}
],
"sources": [
{
"db": "BID",
"id": "85628"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005818"
},
{
"db": "NVD",
"id": "CVE-2007-3599"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-108"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3599"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85628"
}
],
"trust": 0.3
},
"cve": "CVE-2007-3599",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 8.5,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-3599",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-26961",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-3599",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-108",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-26961",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26961"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005818"
},
{
"db": "NVD",
"id": "CVE-2007-3599"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-108"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. vtiger CRM is prone to a remote security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3599"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005818"
},
{
"db": "BID",
"id": "85628"
},
{
"db": "VULHUB",
"id": "VHN-26961"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3599",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "45781",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005818",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-108",
"trust": 0.7
},
{
"db": "BID",
"id": "85628",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-26961",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26961"
},
{
"db": "BID",
"id": "85628"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005818"
},
{
"db": "NVD",
"id": "CVE-2007-3599"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-108"
}
]
},
"id": "VAR-200707-0374",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26961"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T12:59:01.543000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "2968",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2968"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005818"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3599"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
},
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2968"
},
{
"trust": 1.7,
"url": "http://osvdb.org/45781"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3599"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3599"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26961"
},
{
"db": "BID",
"id": "85628"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005818"
},
{
"db": "NVD",
"id": "CVE-2007-3599"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-108"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26961"
},
{
"db": "BID",
"id": "85628"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005818"
},
{
"db": "NVD",
"id": "CVE-2007-3599"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-108"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-26961"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85628"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005818"
},
{
"date": "2007-07-06T19:30:00",
"db": "NVD",
"id": "CVE-2007-3599"
},
{
"date": "2007-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-108"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-26961"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85628"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005818"
},
{
"date": "2008-11-15T06:53:20.420000",
"db": "NVD",
"id": "CVE-2007-3599"
},
{
"date": "2007-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-108"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-108"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM Vulnerabilities such as importing contact information",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005818"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-108"
}
],
"trust": 0.6
}
}
VAR-201408-0376
Vulnerability from variot - Updated: 2023-12-18 12:57 — Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM. The kcfinder/browse.php file in Vtiger CRM contains a directory traversal vulnerability. An attacker can exploit this issue using directory-traversal strings to view files and execute local script code in the context of the web server process. This may allow the attacker to compromise the application; other attacks are also possible. vtiger CRM 5.4.0, 6.0 RC and 6.0.0 GA are vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM, developed by the American company Vtiger. The management system provides functions such as management, collection, and analysis of customer information.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201408-0376",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "6.0.0"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "6.0.0 security patch 1"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.6,
"vendor": "vtiger",
"version": "6.0.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003799"
},
{
"db": "NVD",
"id": "CVE-2014-1222"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-506"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1222"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jerzy Kramarz",
"sources": [
{
"db": "BID",
"id": "66136"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-506"
}
],
"trust": 0.9
},
"cve": "CVE-2014-1222",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-1222",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-69160",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-1222",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-506",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-69160",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69160"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003799"
},
{
"db": "NVD",
"id": "CVE-2014-1222"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-506"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM. Vtiger CRM of kcfinder/browse.php Contains a directory traversal vulnerability. \nAn attacker can exploit this issue using directory-traversal strings to view files and execute local script code in the context of the web server process. This may allow the attacker to compromise the application; other attacks are also possible. \nvtiger CRM 5.4.0, 6.0 RC and 6.0.0 GA are vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1222"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003799"
},
{
"db": "BID",
"id": "66136"
},
{
"db": "VULHUB",
"id": "VHN-69160"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-69160",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69160"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1222",
"trust": 2.8
},
{
"db": "BID",
"id": "66136",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003799",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201406-506",
"trust": 0.7
},
{
"db": "SECUNIA",
"id": "57149",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "36581",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "32213",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "27597",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "125685",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-85512",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-81201",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-69160",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69160"
},
{
"db": "BID",
"id": "66136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003799"
},
{
"db": "NVD",
"id": "CVE-2014-1222"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-506"
}
]
},
"id": "VAR-201408-0376",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-69160"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T12:57:47.359000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "vtigercrm-600-security-patch1.zip",
"trust": 0.8,
"url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20crm%206.0.0/add-ons/vtigercrm-600-security-patch1.zip/download"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.vtiger.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003799"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69160"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003799"
},
{
"db": "NVD",
"id": "CVE-2014-1222"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1222/"
},
{
"trust": 1.7,
"url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20crm%206.0.0/add-ons/vtigercrm-600-security-patch1.zip/download"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/531423/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1222"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1222"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/531423/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/57149"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/66136"
},
{
"trust": 0.3,
"url": "http://www.vtiger.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69160"
},
{
"db": "BID",
"id": "66136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003799"
},
{
"db": "NVD",
"id": "CVE-2014-1222"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-506"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-69160"
},
{
"db": "BID",
"id": "66136"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-003799"
},
{
"db": "NVD",
"id": "CVE-2014-1222"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-506"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-69160"
},
{
"date": "2014-03-12T00:00:00",
"db": "BID",
"id": "66136"
},
{
"date": "2014-08-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003799"
},
{
"date": "2014-08-12T23:55:03.360000",
"db": "NVD",
"id": "CVE-2014-1222"
},
{
"date": "2014-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-506"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-69160"
},
{
"date": "2014-03-12T00:00:00",
"db": "BID",
"id": "66136"
},
{
"date": "2015-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-003799"
},
{
"date": "2018-10-09T19:42:24.453000",
"db": "NVD",
"id": "CVE-2014-1222"
},
{
"date": "2014-08-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-506"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-506"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM of kcfinder/browse.php Vulnerable to directory traversal",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-003799"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-506"
}
],
"trust": 0.6
}
}
VAR-200609-0101
Vulnerability from variot - Updated: 2023-12-18 12:53 — Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. vtiger CRM contains a cross-site scripting vulnerability: a third party may insert web script or HTML via the following parameters: (1) the description parameter in unspecified modules, (2) the solution parameter in the HelpDesk module. vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and to effectively control access to administrative modules. Version 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well.
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: vtiger CRM Script Insertion and Administrative Modules Access
SECUNIA ADVISORY ID: SA21728
VERIFY ADVISORY: http://secunia.com/advisories/21728/
CRITICAL: Moderately critical
IMPACT: Security Bypass, Cross Site Scripting
WHERE:
From remote
SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/
DESCRIPTION: Ivan Markovic has discovered some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct script insertion attacks and bypass certain security restrictions.
1) Input passed to the "description" field in various modules when e.g. creating a contact and the "solution" field when an administrator modifies the solution in the HelpDesk modules isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed.
2) An error in the access control verification can be exploited by a normal user to access administrative modules (e.g. the settings section) by accessing certain URLs directly.
The vulnerabilities have been confirmed in version 4.2.4.
Use another product.
PROVIDED AND/OR DISCOVERED BY: Ivan Markovic
ORIGINAL ADVISORY: http://www.security-net.biz/adv/D3906a.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 1.9,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm",
"scope": "lte",
"trust": 0.8,
"vendor": "vtiger",
"version": "4.2.4"
}
],
"sources": [
{
"db": "BID",
"id": "19829"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003115"
},
{
"db": "NVD",
"id": "CVE-2006-4587"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-075"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4587"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Markovic is credited with the discovery of these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "19829"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-075"
}
],
"trust": 0.9
},
"cve": "CVE-2006-4587",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-4587",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-20695",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4587",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-075",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-20695",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20695"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003115"
},
{
"db": "NVD",
"id": "CVE-2006-4587"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-075"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. vtiger CRM Contains a cross-site scripting vulnerability.By any third party, via the following parameters Web Script or HTML May be inserted. (1) Unspecified module description Parameters (2) HelpDesk Module solution Parameters. The vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and effectively control access to administrative modules. \nVersion 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nvtiger CRM Script Insertion and Administrative Modules Access\n\nSECUNIA ADVISORY ID:\nSA21728\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21728/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nvtiger CRM 4.x\nhttp://secunia.com/product/6211/\n\nDESCRIPTION:\nIvan Markovic has discovered some vulnerabilities in vtiger CRM,\nwhich can be exploited by malicious people to conduct script\ninsertion attacks and bypass certain security restrictions. \n\n1) Input passed to the \"description\" field in various modules when\ne.g. 
creating a contact and the \"solution\" field when an\nadministrator modifies the solution in the HelpDesk modules isn\u0027t\nproperly sanitised before being used. This can be exploited to inject\narbitrary HTML and script code, which will be executed in a user\u0027s\nbrowser session in context of an affected site when the malicious\nuser data is viewed. \n\n2) An error in the access control verification can be exploited by a\nnormal user to access administrative modules (e.g. the settings\nsection) by accessing certain URLs directly. \n\nThe vulnerabilities have been confirmed in version 4.2.4. \n\nUse another product. \n\nPROVIDED AND/OR DISCOVERED BY:\nIvan Markovic\n\nORIGINAL ADVISORY:\nhttp://www.security-net.biz/adv/D3906a.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4587"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003115"
},
{
"db": "BID",
"id": "19829"
},
{
"db": "VULHUB",
"id": "VHN-20695"
},
{
"db": "PACKETSTORM",
"id": "49637"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-4587",
"trust": 2.5
},
{
"db": "BID",
"id": "19829",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "21728",
"trust": 1.8
},
{
"db": "VUPEN",
"id": "ADV-2006-3444",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "28461",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "28460",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003115",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200609-075",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-20695",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49637",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20695"
},
{
"db": "BID",
"id": "19829"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003115"
},
{
"db": "PACKETSTORM",
"id": "49637"
},
{
"db": "NVD",
"id": "CVE-2006-4587"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-075"
}
]
},
"id": "VAR-200609-0101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20695"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T12:53:23.107000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "vtiger CRM",
"trust": 0.8,
"url": "https://www.vtiger.com/crm/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003115"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4587"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.security-net.biz/adv/d3906a.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19829"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28460"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28461"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21728"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3444"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4587"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4587"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3444"
},
{
"trust": 0.3,
"url": "http://www.vtiger.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6211/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21728/"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20695"
},
{
"db": "BID",
"id": "19829"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003115"
},
{
"db": "PACKETSTORM",
"id": "49637"
},
{
"db": "NVD",
"id": "CVE-2006-4587"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-075"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-20695"
},
{
"db": "BID",
"id": "19829"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003115"
},
{
"db": "PACKETSTORM",
"id": "49637"
},
{
"db": "NVD",
"id": "CVE-2006-4587"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-075"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-20695"
},
{
"date": "2006-09-04T00:00:00",
"db": "BID",
"id": "19829"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003115"
},
{
"date": "2006-09-06T06:32:48",
"db": "PACKETSTORM",
"id": "49637"
},
{
"date": "2006-09-06T22:04:00",
"db": "NVD",
"id": "CVE-2006-4587"
},
{
"date": "2006-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-075"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-20695"
},
{
"date": "2006-09-06T20:23:00",
"db": "BID",
"id": "19829"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003115"
},
{
"date": "2011-03-08T02:41:25.687000",
"db": "NVD",
"id": "CVE-2006-4587"
},
{
"date": "2006-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-075"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-075"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003115"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-075"
}
],
"trust": 0.6
}
}
VAR-200609-0102
Vulnerability from variot - Updated: 2023-12-18 12:53
vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. The vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and effectively control access to administrative modules. Version 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well.
Want to work within IT-Security?
Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit.
Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/
TITLE: vtiger CRM Script Insertion and Administrative Modules Access
SECUNIA ADVISORY ID: SA21728
VERIFY ADVISORY: http://secunia.com/advisories/21728/
CRITICAL: Moderately critical
IMPACT: Security Bypass, Cross Site Scripting
WHERE:
From remote
SOFTWARE: vtiger CRM 4.x http://secunia.com/product/6211/
DESCRIPTION: Ivan Markovic has discovered some vulnerabilities in vtiger CRM, which can be exploited by malicious people to conduct script insertion attacks and bypass certain security restrictions.
1) Input passed to the "description" field in various modules when e.g. creating a contact and the "solution" field when an administrator modifies the solution in the HelpDesk modules isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed.
2) An error in the access control verification can be exploited by a normal user to access administrative modules (e.g. the settings section) by accessing certain URLs directly.
The vulnerabilities have been confirmed in version 4.2.4.
Use another product.
PROVIDED AND/OR DISCOVERED BY: Ivan Markovic
ORIGINAL ADVISORY: http://www.security-net.biz/adv/D3906a.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200609-0102",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 1.9,
"vendor": "vtiger",
"version": "4.2.4"
},
{
"model": "crm",
"scope": "eq",
"trust": 1.6,
"vendor": "vtiger",
"version": "4.2"
},
{
"model": "crm",
"scope": "lte",
"trust": 0.8,
"vendor": "vtiger",
"version": "4.2.4"
}
],
"sources": [
{
"db": "BID",
"id": "19829"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003116"
},
{
"db": "NVD",
"id": "CVE-2006-4588"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-061"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4588"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Markovic is credited with the discovery of these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "19829"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-061"
}
],
"trust": 0.9
},
"cve": "CVE-2006-4588",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2006-4588",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-20696",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-4588",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200609-061",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-20696",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20696"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003116"
},
{
"db": "NVD",
"id": "CVE-2006-4588"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-061"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to bypass authentication and access administrative modules via a direct request to index.php with a modified module parameter, as demonstrated using the Settings module. The vtiger CRM is prone to HTML-injection and access-control-bypass vulnerabilities because the application fails to properly sanitize user-supplied input and effectively control access to administrative modules. \nVersion 4.2.4 of vtiger CRM is reportedly affected; previous versions may be vulnerable as well. \n\n----------------------------------------------------------------------\n\nWant to work within IT-Security?\n\nSecunia is expanding its team of highly skilled security experts. \nWe will help with relocation and obtaining a work permit. \n\nCurrently the following type of positions are available:\nhttp://secunia.com/quality_assurance_analyst/\nhttp://secunia.com/web_application_security_specialist/ \nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nvtiger CRM Script Insertion and Administrative Modules Access\n\nSECUNIA ADVISORY ID:\nSA21728\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21728/\n\nCRITICAL:\nModerately critical\n\nIMPACT:\nSecurity Bypass, Cross Site Scripting\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nvtiger CRM 4.x\nhttp://secunia.com/product/6211/\n\nDESCRIPTION:\nIvan Markovic has discovered some vulnerabilities in vtiger CRM,\nwhich can be exploited by malicious people to conduct script\ninsertion attacks and bypass certain security restrictions. \n\n1) Input passed to the \"description\" field in various modules when\ne.g. creating a contact and the \"solution\" field when an\nadministrator modifies the solution in the HelpDesk modules isn\u0027t\nproperly sanitised before being used. 
This can be exploited to inject\narbitrary HTML and script code, which will be executed in a user\u0027s\nbrowser session in context of an affected site when the malicious\nuser data is viewed. \n\n2) An error in the access control verification can be exploited by a\nnormal user to access administrative modules (e.g. the settings\nsection) by accessing certain URLs directly. \n\nThe vulnerabilities have been confirmed in version 4.2.4. \n\nUse another product. \n\nPROVIDED AND/OR DISCOVERED BY:\nIvan Markovic\n\nORIGINAL ADVISORY:\nhttp://www.security-net.biz/adv/D3906a.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4588"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003116"
},
{
"db": "BID",
"id": "19829"
},
{
"db": "VULHUB",
"id": "VHN-20696"
},
{
"db": "PACKETSTORM",
"id": "49637"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-4588",
"trust": 2.5
},
{
"db": "BID",
"id": "19829",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "21728",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "28462",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-3444",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003116",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200609-061",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-20696",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "49637",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20696"
},
{
"db": "BID",
"id": "19829"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003116"
},
{
"db": "PACKETSTORM",
"id": "49637"
},
{
"db": "NVD",
"id": "CVE-2006-4588"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-061"
}
]
},
"id": "VAR-200609-0102",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-20696"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T12:53:22.677000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "vtiger CRM",
"trust": 0.8,
"url": "https://www.vtiger.com/crm/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003116"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-4588"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.security-net.biz/adv/d3906a.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19829"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/28462"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21728"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/3444"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-4588"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-4588"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/3444"
},
{
"trust": 0.3,
"url": "http://www.vtiger.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/6211/"
},
{
"trust": 0.1,
"url": "http://secunia.com/quality_assurance_analyst/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/21728/"
},
{
"trust": 0.1,
"url": "http://secunia.com/web_application_security_specialist/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-20696"
},
{
"db": "BID",
"id": "19829"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003116"
},
{
"db": "PACKETSTORM",
"id": "49637"
},
{
"db": "NVD",
"id": "CVE-2006-4588"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-061"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-20696"
},
{
"db": "BID",
"id": "19829"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-003116"
},
{
"db": "PACKETSTORM",
"id": "49637"
},
{
"db": "NVD",
"id": "CVE-2006-4588"
},
{
"db": "CNNVD",
"id": "CNNVD-200609-061"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-09-06T00:00:00",
"db": "VULHUB",
"id": "VHN-20696"
},
{
"date": "2006-09-04T00:00:00",
"db": "BID",
"id": "19829"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003116"
},
{
"date": "2006-09-06T06:32:48",
"db": "PACKETSTORM",
"id": "49637"
},
{
"date": "2006-09-06T22:04:00",
"db": "NVD",
"id": "CVE-2006-4588"
},
{
"date": "2006-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-061"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-20696"
},
{
"date": "2006-09-06T20:23:00",
"db": "BID",
"id": "19829"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-003116"
},
{
"date": "2011-03-08T02:41:25.767000",
"db": "NVD",
"id": "CVE-2006-4588"
},
{
"date": "2006-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200609-061"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-061"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM Vulnerabilities that bypass authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-003116"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200609-061"
}
],
"trust": 0.6
}
}
VAR-200707-0376
Vulnerability from variot - Updated: 2023-12-18 12:53
vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view. vtiger CRM is prone to a remote security vulnerability
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0376",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.0.3"
}
],
"sources": [
{
"db": "BID",
"id": "85627"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005820"
},
{
"db": "NVD",
"id": "CVE-2007-3601"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-103"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3601"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85627"
}
],
"trust": 0.3
},
"cve": "CVE-2007-3601",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2007-3601",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-26963",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-3601",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-103",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-26963",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26963"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005820"
},
{
"db": "NVD",
"id": "CVE-2007-3601"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-103"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users\u0027 calendar activities via a (1) home page or (2) event list view. vtiger CRM is prone to a remote security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3601"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005820"
},
{
"db": "BID",
"id": "85627"
},
{
"db": "VULHUB",
"id": "VHN-26963"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3601",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "45785",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005820",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-103",
"trust": 0.6
},
{
"db": "BID",
"id": "85627",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-26963",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26963"
},
{
"db": "BID",
"id": "85627"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005820"
},
{
"db": "NVD",
"id": "CVE-2007-3601"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-103"
}
]
},
"id": "VAR-200707-0376",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26963"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T12:53:05.576000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3990",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3990"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005820"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3601"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
},
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3990"
},
{
"trust": 1.7,
"url": "http://osvdb.org/45785"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3601"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3601"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26963"
},
{
"db": "BID",
"id": "85627"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005820"
},
{
"db": "NVD",
"id": "CVE-2007-3601"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-103"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26963"
},
{
"db": "BID",
"id": "85627"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005820"
},
{
"db": "NVD",
"id": "CVE-2007-3601"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-103"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-26963"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85627"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005820"
},
{
"date": "2007-07-06T19:30:00",
"db": "NVD",
"id": "CVE-2007-3601"
},
{
"date": "2007-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-103"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-26963"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "85627"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005820"
},
{
"date": "2008-11-15T06:53:20.967000",
"db": "NVD",
"id": "CVE-2007-3601"
},
{
"date": "2007-07-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-103"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-103"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM vulnerability that allows the calendar items of specific users to be read",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005820"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-103"
}
],
"trust": 0.6
}
}
VAR-200707-0378
Vulnerability from variot - Updated: 2023-12-18 12:53 — SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. vtiger CRM is prone to a SQL-injection vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0378",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "lte",
"trust": 1.0,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "eq",
"trust": 0.9,
"vendor": "vtiger",
"version": "5.0.2"
},
{
"model": "crm",
"scope": "lt",
"trust": 0.8,
"vendor": "vtiger",
"version": "5.0.3"
}
],
"sources": [
{
"db": "BID",
"id": "81654"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005822"
},
{
"db": "NVD",
"id": "CVE-2007-3603"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-100"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vtiger:vtiger_crm:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.0.2",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3603"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "81654"
}
],
"trust": 0.3
},
"cve": "CVE-2007-3603",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2007-3603",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-26965",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-3603",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-100",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-26965",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26965"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005822"
},
{
"db": "NVD",
"id": "CVE-2007-3603"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-100"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. vtiger CRM is prone to a SQL-injection vulnerability.",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3603"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005822"
},
{
"db": "BID",
"id": "81654"
},
{
"db": "VULHUB",
"id": "VHN-26965"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-3603",
"trust": 2.8
},
{
"db": "OSVDB",
"id": "45782",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005822",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-100",
"trust": 0.6
},
{
"db": "BID",
"id": "81654",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-26965",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26965"
},
{
"db": "BID",
"id": "81654"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005822"
},
{
"db": "NVD",
"id": "CVE-2007-3603"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-100"
}
]
},
"id": "VAR-200707-0378",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-26965"
}
],
"trust": 0.62916664
},
"last_update_date": "2023-12-18T12:53:05.550000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "3196",
"trust": 0.8,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3196"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005822"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-3603"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://forums.vtiger.com/viewtopic.php?p=44717"
},
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
},
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3196"
},
{
"trust": 2.0,
"url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10423"
},
{
"trust": 1.7,
"url": "http://osvdb.org/45782"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3603"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3603"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-26965"
},
{
"db": "BID",
"id": "81654"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005822"
},
{
"db": "NVD",
"id": "CVE-2007-3603"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-100"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-26965"
},
{
"db": "BID",
"id": "81654"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-005822"
},
{
"db": "NVD",
"id": "CVE-2007-3603"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-100"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-06T00:00:00",
"db": "VULHUB",
"id": "VHN-26965"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "81654"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005822"
},
{
"date": "2007-07-06T19:30:00",
"db": "NVD",
"id": "CVE-2007-3603"
},
{
"date": "2007-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-100"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-26965"
},
{
"date": "2007-07-06T00:00:00",
"db": "BID",
"id": "81654"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-005822"
},
{
"date": "2008-11-13T06:42:43.390000",
"db": "NVD",
"id": "CVE-2007-3603"
},
{
"date": "2007-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-100"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "vtiger CRM dashboard SQL injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-005822"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-100"
}
],
"trust": 0.6
}
}