Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Vtiger CRM 7.1.0 before Hotfix2 allows uploading files with the extension "php3" in the logo upload field, if the uploaded file is in PNG format and has a size of 150x40. One can put PHP code into the image; PHP code can be executed using "<? ?>" tags, as demonstrated by a CompanyDetailsSave action. This bypasses the bad-file-extensions protection mechanism. It is related to actions/CompanyDetailsSave.php, actions/UpdateCompanyLogo.php, and models/CompanyDetails.php.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Vtiger CRM 安全漏洞
Vulnerability Description
Vtiger CRM是美国Vtiger公司的一套基于SugarCRM开发的客户关系管理系统(CRM)。该管理系统提供管理、收集、分析客户信息等功能。 Vtiger CRM 7.1.0 Hotfix2之前版本中的actions/CompanyDetailsSave.php文件、actions/UpdateCompanyLogo.php文件和models/CompanyDetails.php文件中存在安全漏洞。远程攻击者可通过在logo上传字段上传带有php3扩展名的文件利用该漏洞执行PHP代码。
CVSS Information
N/A
Vulnerability Type
N/A