ID de Prueba:	1.3.6.1.4.1.25623.1.0.103973
Categoría:	Web application abuses
Título:	vTiger CRM PHP Code Injection Vulnerability
Resumen:	vTiger CRM PHP Code Injection Vulnerability
Descripción:	Summary: vTiger CRM PHP Code Injection Vulnerability Vulnerability Insight: The installed vTiger CRM is prone to a PHP code injection vulnerability. The AddEmailAttachment SOAP method in /soap/vtigerolservice.php fails to properly validate input passed through the 'filedata' and 'filename' parameters which are used to write an 'email attachement' in the storage directory. Vulnerability Impact: A remote attacker can write (or overwrite) files with any content, resulting in execution of arbitrary PHP code. Affected Software/OS: vTiger CRM version 5.0.0 to 5.4.0. Solution: Apply the patch from the link below or upgrade to version 6.0 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2013-3214 BugTraq ID: 61558 http://www.securityfocus.com/bid/61558 http://www.exploit-db.com/exploits/30787 XForce ISS Database: 86164 https://exchange.xforce.ibmcloud.com/vulnerabilities/86164
Copyright	Copyright (C) 2014 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.