Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
vTiger index.php多个目录遍历漏洞
Vulnerability Description
Vtiger CRM是美国Vtiger公司的一套基于SugarCRM开发的客户关系管理系统(CRM)。该管理系统提供管理、收集、分析客户信息等功能。 vTiger CRM 4.2及更早的版本中,index.php存在多个目录遍历漏洞,这允许远程攻击者通过在 (1) module 参数和 (2)Leads模块中的 action 参数,中包含..和空节节("%00")序列来读取或包含任意的文件,此漏洞也可以通过向日志消息中注入PHP代码并访问日志文件来演示。
CVSS Information
N/A
Vulnerability Type
N/A