Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vtiger CRM 'browse.php' Directory Traversal Vulnerability
Vulnerability Description
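Vtiger CRM is a customer relationship management (CRM) system from the US company Vtiger, built on SugarCRM. It provides functions for managing, collecting, and analyzing customer information. A directory traversal vulnerability exists in the kcfinder/browse.php script in Vtiger CRM versions before 6.0.0 Security patch 1. A remote attacker can exploit it to read arbitrary files by placing the directory traversal characters '..' in the 'file' parameter of a download action.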
CVSS Information
N/A
Vulnerability Type
N/A