Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
vtiger CRM 多个输入验证漏洞
Vulnerability Description
vtiger CRM 5.0.4版本的写邮件功能的saveForwardAttachments程序允许远程认证用户通过写一封具有附件文件名的邮件,且该文件名以(1)基于某个Apache HTTP服务器设置中的.php,(2)在Windows上的 .php.或(3)Linux上的.php/结尾,并向某个storage/下的路径名提交一个直接的请求,来执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A