Showing 1 - 1 of 1

CVE-2010-3909

Status Candidate

Overview

Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.

Related Files

Vtiger CRM 5.2.0 Code Execution / Cross Site Scripting / Local File Inclusion: Posted Nov 18, 2010; Authored by Alessandro Tanasi, Giovanni Pellerano; Vtiger CRM 5.2.0 suffers from code execution, cross site scripting and local file inclusion vulnerabilities.; tags | exploit, local, vulnerability, code execution, xss, file inclusion; advisories | CVE-2010-3909, CVE-2010-3910, CVE-2010-3911; SHA-256 | ded3215c44adfd32a956127f5f678bade57d06fb1464aae34530de82afd5278b; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 65 files
LiquidWorm 24 files
Debian 18 files
indoushka 15 files
Apple 9 files
Google Security Research 7 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,819)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,239)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,968)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2010-3909

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems