 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.808752 |
| Categoría: | Web application abuses |
| Título: | VTiger CRM Privilege Escalation and Unrestricted File Upload Vulnerability |
| Resumen: | VTiger CRM is prone to a privilege escalation and unrestricted file upload vulnerability. |
| Descripción: | Summary: VTiger CRM is prone to a privilege escalation and unrestricted file upload vulnerability. Vulnerability Insight: The flaw is due to: - 'modules/Users/actions/Save.php' script does not properly restrict user-save actions - Settings_Vtiger_CompanyDetailsSave_Action class in 'modules/Settings/Vtiger/actions/CompanyDetailsSave.php' allosw uploading a crafted image file with an executable extension. Vulnerability Impact: Successful exploitation will allow remote authenticated users to execute arbitrary code or to create or modify user accounts via unspecified vectors. Affected Software/OS: VTiger CRM before version 6.5.0. Solution: Upgrade to vTiger CRM version 6.5.0 or later. CVSS Score: 8.5 CVSS Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2016-4834 BugTraq ID: 92076 http://www.securityfocus.com/bid/92076 http://jvn.jp/en/jp/JVN01956993/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000126 http://www.securitytracker.com/id/1036485 Common Vulnerability Exposure (CVE) ID: CVE-2016-1713 https://www.exploit-db.com/exploits/44379/ http://b.fl7.de/2016/01/vtiger-crm-6.4-auth-rce.html http://www.openwall.com/lists/oss-security/2016/01/12/4 http://www.openwall.com/lists/oss-security/2016/01/12/7 |
| Copyright | Copyright (C) 2016 Greenbone AG |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |