Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
vtiger CRM config.template.php文件不完整黑名单漏洞
Vulnerability Description
vtiger CRM 是基于web的开源客户关系管理系统。 vtiger CRM 5.2.1之前版本中的config.template.php文件中存在不完整黑名单漏洞。远程认证用户可以通过使用在Compose Mail组件中的草稿保存功能来上传带有.phtml扩展名的文件,然后借助在storage/ directory树中对该文件的直接请求来访问该文件,从而执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A