
VAR-202505-3051

Vulnerability from variot - Updated: 2025-06-15 23:21

A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. Vtiger CRM by Vtiger contains a code injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202505-3051",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "vtiger",
        "version": "8.3.0"
      },
      {
        "model": "crm",
        "scope": null,
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006737"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45753"
      }
    ]
  },
  "cve": "CVE-2025-45753",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2025-45753",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2025-006737",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2025-45753",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2025-006737",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006737"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45753"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability in Vtiger CRM Open Source Edition v8.3.0 allows an attacker with admin privileges to execute arbitrary PHP code by exploiting the ZIP import functionality in the Module Import feature. Vtiger CRM by Vtiger contains a code injection vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2025-45753"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006737"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2025-45753",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006737",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006737"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45753"
      }
    ]
  },
  "id": "VAR-202505-3051",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52916664
  },
  "last_update_date": "2025-06-15T23:21:34.389000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.0
      },
      {
        "problemtype": "Code injection (CWE-94) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006737"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45753"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.simonjuguna.com/cve-2025-45753-authenticated-remote-code-execution-vulnerability-in-vtiger-open-source-edition-v8-3-0/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2025-45753"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006737"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45753"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006737"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45753"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-06-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2025-006737"
      },
      {
        "date": "2025-05-21T21:16:03.403000",
        "db": "NVD",
        "id": "CVE-2025-45753"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-06-11T07:59:00",
        "db": "JVNDB",
        "id": "JVNDB-2025-006737"
      },
      {
        "date": "2025-06-10T19:34:41.410000",
        "db": "NVD",
        "id": "CVE-2025-45753"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Code injection vulnerability in Vtiger CRM by Vtiger",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006737"
      }
    ],
    "trust": 0.8
  }
}

VAR-202505-3447

Vulnerability from variot - Updated: 2025-06-12 23:22

A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202505-3447",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "vtiger",
        "version": "8.3.0"
      },
      {
        "model": "crm",
        "scope": null,
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006629"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45755"
      }
    ]
  },
  "cve": "CVE-2025-45755",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2025-45755",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2025-006629",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2025-45755",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2025-006629",
            "trust": 0.8,
            "value": "Medium"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006629"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45755"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A Stored Cross-Site Scripting (XSS) vulnerability exists in Vtiger CRM Open Source Edition v8.3.0, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service Name field. When the file is uploaded, the application improperly sanitizes user input, leading to persistent script execution",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2025-45755"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006629"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2025-45755",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006629",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006629"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45755"
      }
    ]
  },
  "id": "VAR-202505-3447",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52916664
  },
  "last_update_date": "2025-06-12T23:22:22.544000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006629"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45755"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.simonjuguna.com/cve-2025-45755-stored-cross-site-scripting-xss-vulnerability-in-vtiger-open-source-edition-v8-3-0/"
      },
      {
        "trust": 1.8,
        "url": "https://www.vtiger.com/open-source-crm/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2025-45755"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006629"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45755"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006629"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-45755"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-06-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2025-006629"
      },
      {
        "date": "2025-05-21T20:15:32.227000",
        "db": "NVD",
        "id": "CVE-2025-45755"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-06-11T02:01:00",
        "db": "JVNDB",
        "id": "JVNDB-2025-006629"
      },
      {
        "date": "2025-06-10T19:34:54.193000",
        "db": "NVD",
        "id": "CVE-2025-45755"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting vulnerability in Vtiger CRM by Vtiger",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-006629"
      }
    ],
    "trust": 0.8
  }
}

VAR-202209-1780

Vulnerability from variot - Updated: 2025-05-22 22:44

Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202209-1780",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "7.4.0"
      },
      {
        "model": "crm",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "7.4.0  and earlier"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      },
      {
        "model": "crm",
        "scope": null,
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017911"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38335"
      }
    ]
  },
  "cve": "CVE-2022-38335",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "id": "CVE-2022-38335",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 2.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2022-38335",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2022-38335",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2022-38335",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2022-38335",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202209-2770",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017911"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2770"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38335"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38335"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger CRM v7.4.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the e-mail template modules",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2022-38335"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017911"
      },
      {
        "db": "VULHUB",
        "id": "VHN-434134"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2022-38335",
        "trust": 3.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017911",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2770",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-434134",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017911"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2770"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38335"
      }
    ]
  },
  "id": "VAR-202209-1780",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434134"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-05-22T22:44:49.464000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.1
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017911"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38335"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://code.vtiger.com/vtiger/vtigercrm"
      },
      {
        "trust": 2.5,
        "url": "https://github.com/sbaresearch/advisories/tree/public/2022/sba-adv-20220328-01_vtiger_crm_stored_cross-site_scripting"
      },
      {
        "trust": 2.5,
        "url": "https://www.vtiger.com/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2022-38335"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/vtiger-crm-cross-site-scripting-via-email-templates-module-39378"
      },
      {
        "trust": 0.6,
        "url": "https://cxsecurity.com/cveshow/cve-2022-38335/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-434134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017911"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2770"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38335"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-434134"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017911"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2770"
      },
      {
        "db": "NVD",
        "id": "CVE-2022-38335"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-27T00:00:00",
        "db": "VULHUB",
        "id": "VHN-434134"
      },
      {
        "date": "2023-10-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-017911"
      },
      {
        "date": "2022-09-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-2770"
      },
      {
        "date": "2022-09-27T23:15:15.120000",
        "db": "NVD",
        "id": "CVE-2022-38335"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-09-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-434134"
      },
      {
        "date": "2023-10-17T08:04:00",
        "db": "JVNDB",
        "id": "JVNDB-2022-017911"
      },
      {
        "date": "2022-09-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202209-2770"
      },
      {
        "date": "2025-05-21T15:15:57.697000",
        "db": "NVD",
        "id": "CVE-2022-38335"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2770"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger\u00a0 of \u00a0Vtiger\u00a0CRM\u00a0 Cross-site scripting vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2022-017911"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202209-2770"
      }
    ],
    "trust": 0.6
  }
}

VAR-202408-1386

Vulnerability from variot - Updated: 2025-05-01 23:37

VTiger CRM <= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the "CompanyDetails" operation of the "MailManager" module. The service may be put into a denial-of-service (DoS) state.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202408-1386",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "8.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      },
      {
        "model": "crm",
        "scope": null,
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      },
      {
        "model": "crm",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "8.1.0  and earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022952"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42994"
      }
    ]
  },
  "cve": "CVE-2024-42994",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2024-42994",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 7.2,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2024-022952",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2024-42994",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2024-022952",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022952"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42994"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VTiger CRM \u003c= 8.1.0 does not properly sanitize user input before using it in a SQL statement, leading to a SQL Injection in the \"CompanyDetails\" operation of the \"MailManager\" module. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-42994"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022952"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-42994",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022952",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022952"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42994"
      }
    ]
  },
  "id": "VAR-202408-1386",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52916664
  },
  "last_update_date": "2025-05-01T23:37:22.036000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.0
      },
      {
        "problemtype": "SQL injection (CWE-89) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022952"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42994"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.shielder.com/advisories/vtiger-mailmanager-sqli/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-42994"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022952"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42994"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022952"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42994"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-04-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-022952"
      },
      {
        "date": "2024-08-16T17:15:15.153000",
        "db": "NVD",
        "id": "CVE-2024-42994"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-04-30T06:39:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-022952"
      },
      {
        "date": "2025-04-28T14:10:13.853000",
        "db": "NVD",
        "id": "CVE-2024-42994"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger\u00a0 of \u00a0Vtiger\u00a0CRM\u00a0 In \u00a0SQL\u00a0 Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022952"
      }
    ],
    "trust": 0.8
  }
}

VAR-202408-1014

Vulnerability from variot - Updated: 2025-05-01 23:35

VTiger CRM <= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the "Migration" administrative module to disable arbitrary modules. Vtiger's Vtiger CRM contains an unspecified vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202408-1014",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "8.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      },
      {
        "model": "crm",
        "scope": null,
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      },
      {
        "model": "crm",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "8.1.0  and earlier"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022974"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42995"
      }
    ]
  },
  "cve": "CVE-2024-42995",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "HIGH",
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2024-42995",
            "impactScore": 5.5,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 8.3,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2024-022974",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2024-42995",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2024-022974",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022974"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42995"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "VTiger CRM \u003c= 8.1.0 does not correctly check user privileges. A low-privileged user can interact directly with the \"Migration\" administrative module to disable arbitrary modules. Vtiger of Vtiger CRM Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-42995"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022974"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-42995",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022974",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022974"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42995"
      }
    ]
  },
  "id": "VAR-202408-1014",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52916664
  },
  "last_update_date": "2025-05-01T23:35:37.694000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-269",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "Improper authority management (CWE-269) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022974"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42995"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.shielder.com/advisories/vtiger-migration-bac/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-42995"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022974"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42995"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022974"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-42995"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-04-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-022974"
      },
      {
        "date": "2024-08-16T17:15:15.273000",
        "db": "NVD",
        "id": "CVE-2024-42995"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-04-30T07:03:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-022974"
      },
      {
        "date": "2025-04-28T14:09:10.273000",
        "db": "NVD",
        "id": "CVE-2024-42995"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger\u00a0 of \u00a0Vtiger\u00a0CRM\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022974"
      }
    ],
    "trust": 0.8
  }
}

VAR-202404-2329

Vulnerability from variot - Updated: 2025-04-25 01:55

modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load). Vtiger's Vtiger CRM contains an injection vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202404-2329",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.8,
        "vendor": "vtiger",
        "version": "7.5.0"
      },
      {
        "model": "crm",
        "scope": null,
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028748"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-46304"
      }
    ]
  },
  "cve": "CVE-2023-46304",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2023-46304",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "High",
            "baseScore": 8.1,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2023-028748",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2023-46304",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2023-028748",
            "trust": 0.8,
            "value": "High"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028748"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-46304"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "modules/Users/models/Module.php in Vtiger CRM 7.5.0 allows a remote authenticated attacker to run arbitrary PHP code because an unprotected endpoint allows them to write this code to the config.inc.php file (executed on every page load). Vtiger of Vtiger CRM There is an injection vulnerability in.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2023-46304"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028748"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2023-46304",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028748",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028748"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-46304"
      }
    ]
  },
  "id": "VAR-202404-2329",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52916664
  },
  "last_update_date": "2025-04-25T01:55:54.465000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-74",
        "trust": 1.0
      },
      {
        "problemtype": "injection (CWE-74) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028748"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-46304"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://code.vtiger.com/vtiger/vtigercrm/-/blob/master/modules/users/models/module.php"
      },
      {
        "trust": 1.8,
        "url": "https://code.vtiger.com/vtiger/vtigercrm/-/commit/317f9ca88b6bbded11058f20a1d232717c360d43"
      },
      {
        "trust": 1.8,
        "url": "https://github.com/jselliott/cve-2023-46304"
      },
      {
        "trust": 1.8,
        "url": "https://www.vtiger.com/"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2023-46304"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028748"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-46304"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028748"
      },
      {
        "db": "NVD",
        "id": "CVE-2023-46304"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-04-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028748"
      },
      {
        "date": "2024-04-30T13:15:46.763000",
        "db": "NVD",
        "id": "CVE-2023-46304"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-04-23T02:25:00",
        "db": "JVNDB",
        "id": "JVNDB-2023-028748"
      },
      {
        "date": "2025-04-22T17:53:58.067000",
        "db": "NVD",
        "id": "CVE-2023-46304"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger\u00a0 of \u00a0Vtiger\u00a0CRM\u00a0 Injection vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2023-028748"
      }
    ],
    "trust": 0.8
  }
}

VAR-202501-2176

Vulnerability from variot - Updated: 2025-04-25 01:42

Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and the uploadAndSaveFile function in CRMEntity.php. A cross-site scripting vulnerability exists in Vtiger CRM by Vtiger. Information may be obtained and information may be tampered with.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202501-2176",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "6.1"
      },
      {
        "model": "crm",
        "scope": null,
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      },
      {
        "model": "crm",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "6.1  and earlier"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022715"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-54687"
      }
    ]
  },
  "cve": "CVE-2024-54687",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2024-54687",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "OTHER",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2024-022715",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            "id": "CVE-2024-54687",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2024-022715",
            "trust": 0.8,
            "value": "Medium"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022715"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-54687"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. Vtiger of Vtiger CRM Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2024-54687"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022715"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2024-54687",
        "trust": 2.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022715",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022715"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-54687"
      }
    ]
  },
  "id": "VAR-202501-2176",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.52916664
  },
  "last_update_date": "2025-04-25T01:42:12.023000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022715"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-54687"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://andrea0.medium.com"
      },
      {
        "trust": 1.8,
        "url": "https://andrea0.medium.com/analysis-of-cve-2024-54687-9d82f4c0eaa8"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2024-54687"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022715"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-54687"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022715"
      },
      {
        "db": "NVD",
        "id": "CVE-2024-54687"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-04-23T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-022715"
      },
      {
        "date": "2025-01-10T18:15:22.630000",
        "db": "NVD",
        "id": "CVE-2024-54687"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-04-23T05:15:00",
        "db": "JVNDB",
        "id": "JVNDB-2024-022715"
      },
      {
        "date": "2025-04-17T02:38:37.987000",
        "db": "NVD",
        "id": "CVE-2024-54687"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger\u00a0 of \u00a0Vtiger\u00a0CRM\u00a0 Cross-site scripting vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2024-022715"
      }
    ],
    "trust": 0.8
  }
}

VAR-201704-0310

Vulnerability from variot - Updated: 2025-04-20 23:05

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000. Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. The system provides functions such as the management, collection, and analysis of customer information.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201704-0310",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "vtiger",
        "version": "6.4.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-825"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1713"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      }
    ]
  },
  "cve": "CVE-2016-1713",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.8,
            "id": "CVE-2016-1713",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 6.8,
            "id": "VHN-90532",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.3,
            "id": "CVE-2016-1713",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-1713",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2016-1713",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201704-825",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-90532",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-825"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1713"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-1713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      },
      {
        "db": "VULHUB",
        "id": "VHN-90532"
      }
    ],
    "trust": 1.71
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-90532",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90532"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-1713",
        "trust": 2.5
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/01/12/7",
        "trust": 1.7
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2016/01/12/4",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "44379",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008454",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-825",
        "trust": 0.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "38345",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-90532",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-825"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1713"
      }
    ]
  },
  "id": "VAR-201704-0310",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90532"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-20T23:05:14.839000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://vtiger-crm.2324883.n4.nabble.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-434",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1713"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://b.fl7.de/2016/01/vtiger-crm-6.4-auth-rce.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2016/01/12/4"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2016/01/12/7"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/44379/"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1713"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-1713"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-90532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-825"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1713"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-90532"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-825"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-1713"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-04-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90532"
      },
      {
        "date": "2017-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      },
      {
        "date": "2017-04-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-825"
      },
      {
        "date": "2017-04-14T18:59:00.237000",
        "db": "NVD",
        "id": "CVE-2016-1713"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-90532"
      },
      {
        "date": "2017-05-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      },
      {
        "date": "2017-04-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201704-825"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2016-1713"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-825"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger CRM of  modules/Settings/Vtiger/actions/CompanyDetailsSave.php Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-008454"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201704-825"
      }
    ],
    "trust": 0.6
  }
}

VAR-201404-0332

Vulnerability from variot - Updated: 2025-04-13 23:32

modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters. vtiger CRM is prone to a security-bypass vulnerability: the forgot-password handler accepts a new password for a named account without requiring authentication (the NVD vector is AV:N/AC:L/Au:N, i.e. unauthenticated over the network). An attacker can exploit this issue to change any user's password — including administrator accounts — thereby aiding in further attacks such as full account takeover. vtiger CRM 6.0 is vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The flaw lies in the modules/Users/ForgotPassword.php file of Vtiger CRM 6.0; the vendor's "forgot password and re-installation security fix" (Security Patch 2 for 6.0) addresses it, so deployments should be at or above that patch level and password-reset requests for privileged accounts should be reviewed in the web server logs for the affected period.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0332",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "6.0.0"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "6.0 security patch 2"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-432"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2269"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jonathan of Navixia Research Team",
    "sources": [
      {
        "db": "BID",
        "id": "66757"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-2269",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-2269",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-70208",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-2269",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-2269",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201404-432",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-70208",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-432"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2269"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPassword parameters. vtiger CRM is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to change a user\u0027s password, thereby aiding in further attacks. \nvtiger CRM 6.0 is vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. There is a security hole in the modules/Users/ForgotPassword.php file of Vtiger CRM6.0 version",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2269"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      },
      {
        "db": "BID",
        "id": "66757"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70208"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2269",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "66758",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002214",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-432",
        "trust": 0.7
      },
      {
        "db": "MLIST",
        "id": "[VTIGERCRM-DEVELOPERS] 20140316 IMP: FORGOT PASSWORD AND RE-INSTALLATION SECURITY FIX",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "66757",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-70208",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70208"
      },
      {
        "db": "BID",
        "id": "66757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-432"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2269"
      }
    ]
  },
  "id": "VAR-201404-0332",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70208"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-13T23:32:50.325000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "IMP: forgot password and re-installation security fix",
        "trust": 0.8,
        "url": "http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html"
      },
      {
        "title": "vtigercrm-600-security-patch2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49462"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-432"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70208"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2269"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/66758"
      },
      {
        "trust": 1.7,
        "url": "http://vtiger-crm.2324883.n4.nabble.com/vtigercrm-developers-imp-forgot-password-and-re-installation-security-fix-tt9786.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2269"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2269"
      },
      {
        "trust": 0.3,
        "url": "www.vtiger.de"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70208"
      },
      {
        "db": "BID",
        "id": "66757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-432"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2269"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-70208"
      },
      {
        "db": "BID",
        "id": "66757"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-432"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2269"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70208"
      },
      {
        "date": "2014-04-10T00:00:00",
        "db": "BID",
        "id": "66757"
      },
      {
        "date": "2014-04-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      },
      {
        "date": "2014-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-432"
      },
      {
        "date": "2014-04-22T13:06:28.523000",
        "db": "NVD",
        "id": "CVE-2014-2269"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70208"
      },
      {
        "date": "2014-04-10T00:00:00",
        "db": "BID",
        "id": "66757"
      },
      {
        "date": "2014-04-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      },
      {
        "date": "2014-04-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-432"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-2269"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-432"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger of  modules/Users/ForgotPassword.php Vulnerable to password reset for arbitrary users",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002214"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-432"
      }
    ],
    "trust": 0.6
  }
}

VAR-201411-0075

Vulnerability from variot - Updated: 2025-04-13 23:32

views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. vtiger CRM is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize user-supplied input and leaves the installer reachable after setup is complete. Exploiting this issue will allow unauthenticated attackers to execute arbitrary code within the context of the affected application (the web server user), and re-running the installer can also overwrite the existing configuration and database settings. Public exploit code exists for this issue (Exploit-DB 32794, Packet Storm 126067), so it should be treated as actively exploitable. Note that the NVD CVSS v2 vector (AV:N/AC:L/Au:N/C:N/I:N/A:P, base score 5.0) credits only a partial availability impact and therefore understates the practical severity of an unauthenticated code-execution path. vtiger CRM 6.0 is vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company, which provides functions such as management, collection and analysis of customer information. Install Module is one of the installation modules; the vendor's "forgot password and re-installation security fix" (Security Patch 2 for 6.0) addresses this issue, and as defence in depth the Install module should not remain web-accessible on a deployed instance.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201411-0075",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "6.0.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "3.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4.2.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "2.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "6.0 security patch 2"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "6.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "6.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "66758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-544"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2268"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jonathan of Navixia Research Team",
    "sources": [
      {
        "db": "BID",
        "id": "66758"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-544"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-2268",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-2268",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "VHN-70207",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-2268",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-2268",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201406-544",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-70207",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-2268",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70207"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-2268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-544"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2268"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter. vtiger CRM is prone to a remote code-execution vulnerability because the application fails to sufficiently sanitize  user-supplied input. \nExploiting this issue will allow attackers to execute arbitrary code within the context of the affected application. \nvtiger CRM 6.0 is vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company, which provides functions such as management, collection and analysis of customer information. Install Module is one of the installation modules",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-2268"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      },
      {
        "db": "BID",
        "id": "66758"
      },
      {
        "db": "VULHUB",
        "id": "VHN-70207"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-2268"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-70207",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=32794",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70207"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-2268"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-2268",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "66757",
        "trust": 1.8
      },
      {
        "db": "EXPLOIT-DB",
        "id": "32794",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005475",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-544",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "66758",
        "trust": 0.5
      },
      {
        "db": "PACKETSTORM",
        "id": "126067",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-86064",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-70207",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-2268",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70207"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-2268"
      },
      {
        "db": "BID",
        "id": "66758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-544"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2268"
      }
    ]
  },
  "id": "VAR-201411-0075",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70207"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-13T23:32:50.292000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "IMP: forgot password and re-installation security fix",
        "trust": 0.8,
        "url": "http://vtiger-crm.2324883.n4.nabble.com/Vtigercrm-developers-IMP-forgot-password-and-re-installation-security-fix-tt9786.html"
      },
      {
        "title": "vtigercrm-600-security-patch3",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=52472"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-544"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70207"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2268"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://www.navixia.com/blog/entry/navixia-find-critical-vulnerabilities-in-vtiger-crm-cve-2014-2268-cve-2014-2269.html"
      },
      {
        "trust": 2.1,
        "url": "http://vtiger-crm.2324883.n4.nabble.com/vtigercrm-developers-imp-forgot-password-and-re-installation-security-fix-tt9786.html"
      },
      {
        "trust": 1.8,
        "url": "http://www.securityfocus.com/bid/66757"
      },
      {
        "trust": 1.8,
        "url": "http://www.exploit-db.com/exploits/32794"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2268"
      },
      {
        "trust": 0.8,
        "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2268"
      },
      {
        "trust": 0.3,
        "url": "http://www.vtiger.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/32794/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.rapid7.com/db/modules/exploit/multi/http/vtiger_install_rce"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/66758"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-70207"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-2268"
      },
      {
        "db": "BID",
        "id": "66758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-544"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2268"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-70207"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-2268"
      },
      {
        "db": "BID",
        "id": "66758"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-544"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-2268"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-11-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70207"
      },
      {
        "date": "2014-11-16T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-2268"
      },
      {
        "date": "2014-04-10T00:00:00",
        "db": "BID",
        "id": "66758"
      },
      {
        "date": "2014-11-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      },
      {
        "date": "2014-04-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-544"
      },
      {
        "date": "2014-11-16T01:59:00.130000",
        "db": "NVD",
        "id": "CVE-2014-2268"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-11-20T00:00:00",
        "db": "VULHUB",
        "id": "VHN-70207"
      },
      {
        "date": "2017-11-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-2268"
      },
      {
        "date": "2014-04-10T00:00:00",
        "db": "BID",
        "id": "66758"
      },
      {
        "date": "2014-11-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      },
      {
        "date": "2014-11-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-544"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-2268"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-544"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vTiger installation module views/Index.php vulnerable to application reinstallation",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-005475"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-544"
      }
    ],
    "trust": 0.6
  }
}

VAR-201608-0190

Vulnerability from variot - Updated: 2025-04-13 23:17

modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. Vtiger CRM is a customer relationship management (CRM) software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. A user with user privileges may create new users or alter existing user information. Successfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. Vtiger CRM 6.4.0 and prior versions are vulnerable. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability is caused by the program not properly restricting the user-save operation


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201608-0190",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "vtiger",
        "version": "6.4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "6.4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "2.0"
      },
      {
        "model": "crm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "6.5.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4.2.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "3.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "6.0.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "2.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "3.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "6.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.2.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "92076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-960"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4834"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hirota Kazuki of Mitsui Bussan Secure Directions, Inc.",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-960"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2016-4834",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2016-4834",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-000126",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-93653",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "id": "CVE-2016-4834",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2016-000126",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2016-4834",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2016-000126",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201607-960",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-93653",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2016-4834",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93653"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-960"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4834"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does not properly restrict user-save actions, which allows remote authenticated users to create or modify user accounts via unspecified vectors. Vtiger CRM is a customer relationship management (CRM) software. Vtiger CRM contains a vulnerability where it does not properly restrict access to user information data. Hirota Kazuki of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. A user with user privileges may create new users or alter existing user information. \nSuccessfully exploiting this issue may allow attackers to perform unauthorized actions. This may lead to other attacks. \nVtiger CRM 6.4.0 and prior versions are vulnerable. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability is caused by the program not properly restricting the user-save operation",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2016-4834"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      },
      {
        "db": "BID",
        "id": "92076"
      },
      {
        "db": "VULHUB",
        "id": "VHN-93653"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4834"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2016-4834",
        "trust": 2.9
      },
      {
        "db": "JVN",
        "id": "JVN01956993",
        "trust": 2.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000126",
        "trust": 2.6
      },
      {
        "db": "BID",
        "id": "92076",
        "trust": 2.1
      },
      {
        "db": "SECTRACK",
        "id": "1036485",
        "trust": 1.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-960",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-93653",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4834",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93653"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4834"
      },
      {
        "db": "BID",
        "id": "92076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-960"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4834"
      }
    ]
  },
  "id": "VAR-201608-0190",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93653"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-13T23:17:53.040000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Download - Vtiger CRM",
        "trust": 0.8,
        "url": "https://www.vtiger.com/download/"
      },
      {
        "title": "Refactored access control on user-save operation. ",
        "trust": 0.8,
        "url": "http://code.vtiger.com/vtiger/vtigercrm/commit/7cdf9941197b4aa58114eafce3ce88fb418eb68c"
      },
      {
        "title": "Vtiger CRM Repair measures for security bypass vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63312"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-960"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93653"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4834"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://jvn.jp/en/jp/jvn01956993/index.html"
      },
      {
        "trust": 2.1,
        "url": "http://code.vtiger.com/vtiger/vtigercrm/commit/7cdf9941197b4aa58114eafce3ce88fb418eb68c"
      },
      {
        "trust": 1.9,
        "url": "http://www.securityfocus.com/bid/92076"
      },
      {
        "trust": 1.8,
        "url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000126"
      },
      {
        "trust": 1.8,
        "url": "http://www.securitytracker.com/id/1036485"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4834"
      },
      {
        "trust": 0.8,
        "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4834"
      },
      {
        "trust": 0.3,
        "url": "https://www.vtiger.com"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-93653"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4834"
      },
      {
        "db": "BID",
        "id": "92076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-960"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4834"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-93653"
      },
      {
        "db": "VULMON",
        "id": "CVE-2016-4834"
      },
      {
        "db": "BID",
        "id": "92076"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-960"
      },
      {
        "db": "NVD",
        "id": "CVE-2016-4834"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93653"
      },
      {
        "date": "2016-08-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4834"
      },
      {
        "date": "2016-07-20T00:00:00",
        "db": "BID",
        "id": "92076"
      },
      {
        "date": "2016-07-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      },
      {
        "date": "2016-07-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-960"
      },
      {
        "date": "2016-08-01T02:59:14.620000",
        "db": "NVD",
        "id": "CVE-2016-4834"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-93653"
      },
      {
        "date": "2016-12-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2016-4834"
      },
      {
        "date": "2016-07-20T00:00:00",
        "db": "BID",
        "id": "92076"
      },
      {
        "date": "2016-08-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      },
      {
        "date": "2021-05-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201607-960"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2016-4834"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-960"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger CRM does not properly restrict access to application data",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2016-000126"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201607-960"
      }
    ],
    "trust": 0.6
  }
}

VAR-201404-0102

Vulnerability from variot - Updated: 2025-04-13 23:17

Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php. Vtiger CRM contains SQL injection vulnerabilities. Arbitrary SQL commands may be executed by any third party via the parameters listed above, and via (4) the emailaddress parameter of the SearchContactsByEmail method in soap/thunderbirdplugin.php. vtiger CRM is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. vtiger CRM 5.0.0 through 5.4.0 are vulnerable. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM, developed by the American company Vtiger. The system provides functions such as management, collection, and analysis of customer information. The vulnerability arises because the soap/customerportal.php script does not correctly filter the 'picklist_name' parameter in the get_picklists method; the soap/customerportal.php script does not correctly filter the 'where' parameter in the get_tickets_list method; the soap/vtigerolservice.php script does not correctly filter the 'emailaddress' parameter in the SearchContactsByEmail method; and the soap/thunderbirdplugin.php script does not correctly filter the 'emailaddress' parameter in the SearchContactsByEmail method.

[-] Vulnerability Description:

1) The vulnerable code is located in the get_picklists SOAP method defined in /soap/customerportal.php:

  1. $id = $input_array['id'];
  2. $sessionid = $input_array['sessionid'];
  3. $picklist_name = $adb->sql_escape_string($input_array['picklist_name']);
  4. if(!validateSession($id,$sessionid))
  5. return null;
  6. $picklist_array = Array();
  7. $admin_role = 'H2';
  8. $userid = getPortalUserid();
  9. $roleres = $adb->pquery("SELECT roleid from vtiger_user2role where userid = ?", array($userid));
  10. $RowCount = $adb->num_rows($roleres);
  11. if($RowCount > 0){
  12. $admin_role = $adb->query_result($roleres,0,'roleid');
  13. }
  14. $res = $adb->pquery("select vtiger_". $picklist_name.".* from vtiger_". $picklist_name." inner join [...]

User input passed through the "picklist_name" parameter appears to be sanitised by the sql_escape_string() method, but the vulnerability exists because the value is interpolated into the query at line 1194 (line 14 of the excerpt above) without single or double quotes; escaping only neutralises quote characters, so it offers no protection where the value is used unquoted as part of a table name. This can be exploited to conduct blind SQL injection attacks.

2) The vulnerable code is located in the get_tickets_list SOAP method defined in /soap/customerportal.php:

  1. $id = $input_array['id'];
  2. $only_mine = $input_array['onlymine'];
  3. $where = $input_array['where']; //addslashes is already added with where condition fields in portal itself
  4. $match = $input_array['match'];
  5. $sessionid = $input_array['sessionid'];
  6. if(!validateSession($id,$sessionid))
  7. return null;
  8. // Prepare where conditions based on search query
  9. $join_type = '';
  10. $where_conditions = '';
  11. if(trim($where) != '') {
  12. if($match == 'all' || $match == '') {
  13. $join_type = " AND ";
  14. } elseif($match == 'any') {
  15. $join_type = " OR ";
  16. }
  17. $where = explode("&&&",$where);
  18. $where_conditions = implode($join_type, $where);

[...]

  1. $query = "SELECT vtiger_troubletickets.*, vtiger_crmentity.smownerid,vtiger_crmentity.createdtime, [...]
  2. FROM vtiger_troubletickets
  3. INNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid = vtiger_troubletickets.ticketid AND [...]
  4. WHERE vtiger_troubletickets.parent_id IN (". generateQuestionMarks($entity_ids_list) .")";
  5. // Add conditions if there are any search parameters
  6. if ($join_type != '' && $where_conditions != '') {
  7. $query .= " AND (".$where_conditions.")";
  8. }

User input passed through the "where" parameter isn't properly validated before being concatenated into the SQL query at line 713 (line 7 of the second excerpt above); the comment on excerpt line 3 shows the server relies on the portal client having applied addslashes() rather than enforcing it itself. This can be exploited to conduct SQL injection attacks.

3) The vulnerable code is located in the SearchContactsByEmail SOAP method defined in /soap/thunderbirdplugin.php (numbered (4) in the CVE description above):

  1. function SearchContactsByEmail($username,$password,$emailaddress)
  2. {
  3. if(authentication($username,$password))
  4. {
  5. require_once('modules/Contacts/Contacts.php');
  6. $seed_contact = new Contacts();
  7. $output_list = Array();
  8. $response = $seed_contact->get_searchbyemailid($username,$emailaddress);

User input passed through the "emailaddress" parameter isn't properly validated before being used in a call to the Contacts::get_searchbyemailid() method at line 195 (line 8 of the excerpt above). This can be exploited to conduct SQL injection attacks. Successful exploitation of this vulnerability requires authentication (the authentication($username,$password) check on excerpt line 3).

4) The vulnerable code is located in the SearchContactsByEmail SOAP method defined in /soap/vtigerolservice.php (numbered (3) in the CVE description above):

  1. function SearchContactsByEmail($username,$session,$emailaddress)
  2. {
  3. if(!validateSession($username,$session))
  4. return null;
  5. require_once('modules/Contacts/Contacts.php');
  6. $seed_contact = new Contacts();
  7. $output_list = Array();
  8. $response = $seed_contact->get_searchbyemailid($username,$emailaddress);

User input passed through the "emailaddress" parameter isn't properly validated before being used in a call to the Contacts::get_searchbyemailid() method at line 291 (line 8 of the excerpt above). This can be exploited to conduct SQL injection attacks. Successful exploitation of this vulnerability requires knowledge of a valid username (see the validateSession() check on excerpt line 3).

[-] Solution:

Apply the vendor patch: http://www.vtiger.com/blogs/?p=1467

[-] Disclosure Timeline:

[13/01/2013] - Vendor notified
[06/02/2013] - Vendor asked for feedback about http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848
[05/03/2013] - Feedback provided to the vendor
[26/03/2013] - Vendor patch released
[18/04/2013] - CVE number requested
[20/04/2013] - CVE number assigned
[01/08/2013] - Public disclosure

[-] CVE Reference:

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2013-3213 to these vulnerabilities.

[-] Credits:

Vulnerabilities discovered by Egidio Romano.

[-] Original Advisory:

http://karmainsecurity.com/KIS-2013-06


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0102",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.0.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.0.0 to  5.4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.1"
      },
      {
        "model": "crm rc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.0.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Egidio Romano",
    "sources": [
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-3213",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-3213",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-63215",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-3213",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-3213",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201308-014",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-63215",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) picklist_name parameter in the get_picklists method to soap/customerportal.php, (2) where parameter in the get_tickets_list method to soap/customerportal.php, or (3) emailaddress parameter in the SearchContactsByEmail method to soap/vtigerolservice.php; or remote authenticated users to execute arbitrary SQL commands via the (4) emailaddress parameter in the SearchContactsByEmail method to soap/thunderbirdplugin.php. Vtiger CRM Is SQL An injection vulnerability exists.By any third party, via the following parameters SQL The command may be executed. (4) soap/thunderbirdplugin.php of SearchContactsByEmail In the method emailaddress Parameters. vtiger CRM is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied input before using it in an SQL query. \nExploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nvtiger CRM 5.0.0 through versions 5.4.0 are vulnerable. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability comes from the fact that the soap/customerportal.php script does not correctly filter the \u0027picklist_name\u0027 parameter in the get_picklists method; the soap/customerportal.php script does not correctly filter the get_tickets_list method The \u0027where\u0027 parameter; the soap/vtigerolservice.php script does not correctly filter the \u0027emailaddress\u0027 parameter in the SearchContactsByEmail method; the soap/thunderbirdplugin.php script does not correctly filter the \u0027emailaddress\u0027 parameter in the SearchContactsByEmail method. 
\n\n\n[-] Vulnerability Description:\n\n1) The vulnerable code is located in the get_picklists SOAP method defined in /soap/customerportal.php:\n\n1177. \t$id = $input_array[\u0027id\u0027];\n1178. \t$sessionid = $input_array[\u0027sessionid\u0027];\n1179. \t$picklist_name = $adb-\u003esql_escape_string($input_array[\u0027picklist_name\u0027]);\n1180. \n1181. \tif(!validateSession($id,$sessionid))\n1182. \treturn null;\n1183. \n1184. \t$picklist_array = Array();\n1185. \n1186. \t$admin_role = \u0027H2\u0027;\n1187. \t$userid = getPortalUserid();\n1188. \t$roleres = $adb-\u003epquery(\"SELECT roleid from vtiger_user2role where userid = ?\", array($userid));\n1189. \t$RowCount = $adb-\u003enum_rows($roleres);\n1190. \tif($RowCount \u003e 0){\n1191. \t\t$admin_role = $adb-\u003equery_result($roleres,0,\u0027roleid\u0027);\n1192. \t}\n1193. \n1194. \t$res = $adb-\u003epquery(\"select vtiger_\". $picklist_name.\".* from vtiger_\". $picklist_name.\" inner join [...]\n\nUser input passed through the \"picklist_name\" parameter seems to be correctly sanitised by the\nsql_escape_string() method, but the vulnerability exists because it\u0027s used in the query at line 1194\nwithout single or double quotes. This can be exploited to conduct blind SQL injection attacks. \n\n2) The vulnerable code is located in the get_tickets_list SOAP method defined in /soap/customerportal.php:\n\n654. \t$id = $input_array[\u0027id\u0027];\n655. \t$only_mine = $input_array[\u0027onlymine\u0027];\n656. \t$where = $input_array[\u0027where\u0027]; //addslashes is already added with where condition fields in portal itself\n657. \t$match = $input_array[\u0027match\u0027];\n658. \t$sessionid = $input_array[\u0027sessionid\u0027];\n659. \n660. \tif(!validateSession($id,$sessionid))\n661. \t\treturn null;\n662. \n663. \t// Prepare where conditions based on search query\n664. \t$join_type = \u0027\u0027;\n665. \t$where_conditions = \u0027\u0027;\n666. \tif(trim($where) != \u0027\u0027) {\n667. 
\t\tif($match == \u0027all\u0027 || $match == \u0027\u0027) {\n668. \t\t\t$join_type = \" AND \";\n669. \t\t} elseif($match == \u0027any\u0027) {\n670. \t\t\t$join_type = \" OR \";\n671. \t\t}\n672. \t\t$where = explode(\"\u0026\u0026\u0026\",$where);\n673. \t\t$where_conditions = implode($join_type, $where);\n\n[...]\n\n707. \t$query = \"SELECT vtiger_troubletickets.*, vtiger_crmentity.smownerid,vtiger_crmentity.createdtime, [...]\n708. \t\tFROM vtiger_troubletickets\n709. \t\tINNER JOIN vtiger_crmentity ON vtiger_crmentity.crmid = vtiger_troubletickets.ticketid AND [...]\n710. \t\tWHERE vtiger_troubletickets.parent_id IN (\". generateQuestionMarks($entity_ids_list) .\")\";\n711. \t// Add conditions if there are any search parameters\n712. \tif ($join_type != \u0027\u0027 \u0026\u0026 $where_conditions != \u0027\u0027) {\n713. \t\t$query .= \" AND (\".$where_conditions.\")\";\n714. \t}\n\nUser input passed through the \"where\" parameter isn\u0027t properly validated before being\nused in a SQL query at line 713. This can be exploited to conduct SQL injection attacks. \n\n3) The vulnerable code is located in the SearchContactsByEmail SOAP method defined in /soap/thunderbirdplugin.php:\n\n186. \tfunction SearchContactsByEmail($username,$password,$emailaddress)\n187. \t{\n188. \t  if(authentication($username,$password))\n189. \t  {\n190. \t     require_once(\u0027modules/Contacts/Contacts.php\u0027);\n191. \t\n192. \t     $seed_contact = new Contacts();\n193. \t     $output_list = Array();\n194. \t\n195. \t     $response = $seed_contact-\u003eget_searchbyemailid($username,$emailaddress);\n\nUser input passed through the \"emailaddress\" parameter isn\u0027t properly validated before being used\nin a call to the Contacts::get_searchbyemailid() method at line 195. This can be exploited to conduct\nSQL injection attacks. Successful exploitation of this vulnerability requires authentication. 
\n\n4) The vulnerable code is located in the SearchContactsByEmail SOAP method defined in /soap/vtigerolservice.php:\n\n282. \tfunction SearchContactsByEmail($username,$session,$emailaddress)\n283. \t{\n284. \t\tif(!validateSession($username,$session))\n285. \t\treturn null;\n286. \t\trequire_once(\u0027modules/Contacts/Contacts.php\u0027);\n287. \t\n288. \t     $seed_contact = new Contacts();\n289. \t     $output_list = Array();\n290. \t\n291. \t     $response = $seed_contact-\u003eget_searchbyemailid($username,$emailaddress);\n\nUser input passed through the \"emailaddress\" parameter isn\u0027t properly validated before being used in\na call to the Contacts::get_searchbyemailid() method at line 291. This can be exploited to conduct SQL\ninjection attacks. Successful exploitation of this vulnerability requires knowledge of a valid username. \n\n\n[-] Solution:\n\nApply the vendor patch:http://www.vtiger.com/blogs/?p=1467\n\n\n[-] Disclosure Timeline:\n\n[13/01/2013] - Vendor notified\n[06/02/2013] - Vendor asked feedback abouthttp://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848\n[05/03/2013] - Feedback provided to the vendor\n[26/03/2013] - Vendor patch released\n[18/04/2013] - CVE number requested\n[20/04/2013] - CVE number assigned\n[01/08/2013] - Public disclosure\n\n\n[-] CVE Reference:\n\nThe Common Vulnerabilities and Exposures project (cve.mitre.org)\nhas assigned the name CVE-2013-3213 to these vulnerabilities. \n\n\n[-] Credits:\n\nVulnerabilities discovered by Egidio Romano. \n\n\n[-] Original Advisory:\n\nhttp://karmainsecurity.com/KIS-2013-06\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "PACKETSTORM",
        "id": "122641"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-63215",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-3213",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "61563",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014",
        "trust": 0.7
      },
      {
        "db": "XF",
        "id": "86129",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "20133213",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20130801 [KIS-2013-06] VTIGER CRM \u003c= 5.4.0 (SOAP SERVICES) MULTIPLE SQL INJECTION VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "122641",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "27279",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-63215",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "id": "VAR-201404-0102",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-13T23:17:40.611000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Vtiger 5.4.0 Security Patch Released",
        "trust": 0.8,
        "url": "https://www.vtiger.com/blogs/?p=1467"
      },
      {
        "title": "vtigercrm6.0.0",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49112"
      },
      {
        "title": "vtigercrm600",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49111"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "https://www.vtiger.com/blogs/?p=1467"
      },
      {
        "trust": 2.1,
        "url": "http://karmainsecurity.com/kis-2013-06"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/61563"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2013-08/0001.html"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/86129"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3213"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3213"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/86129"
      },
      {
        "trust": 0.3,
        "url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20crm%205.1.0/"
      },
      {
        "trust": 0.1,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/13848"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-3213"
      },
      {
        "trust": 0.1,
        "url": "http://www.vtiger.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "db": "BID",
        "id": "61563"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "date": "2013-08-01T00:00:00",
        "db": "BID",
        "id": "61563"
      },
      {
        "date": "2014-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "date": "2013-08-01T18:32:11",
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "date": "2013-08-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "date": "2014-04-02T16:05:49.267000",
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-63215"
      },
      {
        "date": "2013-08-01T00:00:00",
        "db": "BID",
        "id": "61563"
      },
      {
        "date": "2014-04-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      },
      {
        "date": "2014-04-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2013-3213"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger CRM SQL injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006283"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "sql injection",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "122641"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201308-014"
      }
    ],
    "trust": 0.7
  }
}

VAR-201408-0376

Vulnerability from variot - Updated: 2025-04-12 22:59

Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM. Vtiger CRM's kcfinder/browse.php contains a directory traversal vulnerability. An attacker can exploit this issue using directory-traversal strings to view files and execute local script code in the context of the web server process. This may allow the attacker to compromise the application; other attacks are also possible. vtiger CRM 5.4.0, 6.0 RC and 6.0.0 GA are vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. The system provides functions such as the management, collection, and analysis of customer information.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201408-0376",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "6.0.0"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "6.0.0 security patch 1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vtiger",
        "version": "6.0.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-506"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1222"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jerzy Kramarz",
    "sources": [
      {
        "db": "BID",
        "id": "66136"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-506"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2014-1222",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2014-1222",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-69160",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-1222",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-1222",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201406-506",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-69160",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-506"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1222"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action.  NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM. Vtiger CRM's kcfinder/browse.php contains a directory traversal vulnerability. \nAn attacker can exploit this issue using directory-traversal strings to view files and execute local script code in the context of the web server process. This may allow the attacker to compromise the application; other attacks are also possible. \nvtiger CRM 5.4.0, 6.0 RC and 6.0.0 GA are vulnerable; other versions may also be affected. Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. The system provides functions such as the management, collection, and analysis of customer information.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-1222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      },
      {
        "db": "BID",
        "id": "66136"
      },
      {
        "db": "VULHUB",
        "id": "VHN-69160"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-69160",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69160"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-1222",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "66136",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003799",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-506",
        "trust": 0.7
      },
      {
        "db": "SECUNIA",
        "id": "57149",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "36581",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "32213",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "27597",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "125685",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-85512",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-81201",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-69160",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69160"
      },
      {
        "db": "BID",
        "id": "66136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-506"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1222"
      }
    ]
  },
  "id": "VAR-201408-0376",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69160"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-12T22:59:37.590000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "vtigercrm-600-security-patch1.zip",
        "trust": 0.8,
        "url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.0.0/Add-ons/vtigercrm-600-security-patch1.zip/download"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.vtiger.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69160"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1222"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-1222/"
      },
      {
        "trust": 1.7,
        "url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20crm%206.0.0/add-ons/vtigercrm-600-security-patch1.zip/download"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/531423/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1222"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1222"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/531423/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://secunia.com/advisories/57149"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/66136"
      },
      {
        "trust": 0.3,
        "url": "http://www.vtiger.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-69160"
      },
      {
        "db": "BID",
        "id": "66136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-506"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1222"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-69160"
      },
      {
        "db": "BID",
        "id": "66136"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-506"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-1222"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-08-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69160"
      },
      {
        "date": "2014-03-12T00:00:00",
        "db": "BID",
        "id": "66136"
      },
      {
        "date": "2014-08-15T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      },
      {
        "date": "2014-03-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-506"
      },
      {
        "date": "2014-08-12T23:55:03.360000",
        "db": "NVD",
        "id": "CVE-2014-1222"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-69160"
      },
      {
        "date": "2014-03-12T00:00:00",
        "db": "BID",
        "id": "66136"
      },
      {
        "date": "2015-01-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      },
      {
        "date": "2014-08-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201406-506"
      },
      {
        "date": "2025-04-12T10:46:40.837000",
        "db": "NVD",
        "id": "CVE-2014-1222"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-506"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger CRM kcfinder/browse.php directory traversal vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-003799"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201406-506"
      }
    ],
    "trust": 0.6
  }
}

VAR-201112-0339

Vulnerability from variot - Updated: 2025-04-11 23:15

vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report. Vtiger CRM is a Web-based Customer Relationship Management (CRM) system built around Sales Force Automation (SFA). A vulnerability exists in versions prior to vtiger CRM 5.3.0 that stems from the failure to correctly recognize the disabled status of a field in the Leads module. vtiger CRM is prone to a security-bypass vulnerability. Attackers may exploit the issue to bypass certain unspecified security restrictions and gain unauthorized access. Versions prior to vtiger CRM 5.3.0 are vulnerable. The system provides functions such as the management, collection, and analysis of customer information.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0339",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "vtiger",
        "version": "5.3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "vtiger",
        "version": "\u003c=5.2.x"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vtiger",
        "version": "5.0.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vtiger",
        "version": "1.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "*"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4.2.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm rc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.3"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d716c21-463f-11e9-be3d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      },
      {
        "db": "BID",
        "id": "51024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003299"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4679"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003299"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "pratim",
    "sources": [
      {
        "db": "BID",
        "id": "51024"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4679",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2011-4679",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2011-5717",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "7d716c21-463f-11e9-be3d-000c29342cb1",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "57ca12f8-2354-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-52624",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-4679",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-4679",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2011-5717",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201112-080",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7d716c21-463f-11e9-be3d-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "57ca12f8-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52624",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d716c21-463f-11e9-be3d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003299"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4679"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM before 5.3.0 does not properly recognize the disabled status of a field in the Leads module, which allows remote authenticated users to bypass intended access restrictions by reading a previously created report. Vtiger CRM is a Web-based Sales Force Automation (SFA)-based Customer Relationship Management System (CRM). A vulnerability exists in versions prior to vtiger CRM 5.3.0 that stems from the failure to correctly recognize the disabled status of a field in the Leads module. vtiger CRM is prone to a security-bypass vulnerability. \nAttackers may exploit the issue to bypass certain unspecified security restrictions and gain unauthorized access. \nVersions prior to vtiger CRM 5.3.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4679"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003299"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      },
      {
        "db": "BID",
        "id": "51024"
      },
      {
        "db": "IVD",
        "id": "7d716c21-463f-11e9-be3d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52624"
      }
    ],
    "trust": 2.88
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4679",
        "trust": 3.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-080",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5717",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003299",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "51024",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "7D716C21-463F-11E9-BE3D-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "57CA12F8-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52624",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d716c21-463f-11e9-be3d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52624"
      },
      {
        "db": "BID",
        "id": "51024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003299"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4679"
      }
    ]
  },
  "id": "VAR-201112-0339",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d716c21-463f-11e9-be3d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52624"
      }
    ],
    "trust": 1.6291666400000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d716c21-463f-11e9-be3d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      }
    ]
  },
  "last_update_date": "2025-04-11T23:15:35.136000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Ticket #7003",
        "trust": 0.8,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003"
      },
      {
        "title": "Ticket #7004",
        "trust": 0.8,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7004"
      },
      {
        "title": "Oct2011:ODUpdate",
        "trust": 0.8,
        "url": "http://wiki.vtiger.com/index.php/Oct2011:ODUpdate"
      },
      {
        "title": "Patch for vtiger CRM Leads module security vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/37813"
      },
      {
        "title": "vtigercrm-521-530-patch",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41995"
      },
      {
        "title": "vtigercrm-5.3.0",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41994"
      },
      {
        "title": "vtigercrm-5.3.0",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41993"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003299"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-080"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003299"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4679"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7003"
      },
      {
        "trust": 2.0,
        "url": "http://wiki.vtiger.com/index.php/oct2011:odupdate"
      },
      {
        "trust": 1.7,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/7004"
      },
      {
        "trust": 1.4,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4679"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4679"
      },
      {
        "trust": 0.3,
        "url": "http://www.vtiger.com/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52624"
      },
      {
        "db": "BID",
        "id": "51024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003299"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4679"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d716c21-463f-11e9-be3d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52624"
      },
      {
        "db": "BID",
        "id": "51024"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003299"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-080"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4679"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-12-08T00:00:00",
        "db": "IVD",
        "id": "7d716c21-463f-11e9-be3d-000c29342cb1"
      },
      {
        "date": "2011-12-08T00:00:00",
        "db": "IVD",
        "id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-12-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      },
      {
        "date": "2011-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52624"
      },
      {
        "date": "2011-01-04T00:00:00",
        "db": "BID",
        "id": "51024"
      },
      {
        "date": "2011-12-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003299"
      },
      {
        "date": "2011-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-080"
      },
      {
        "date": "2011-12-07T19:55:02.440000",
        "db": "NVD",
        "id": "CVE-2011-4679"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-12-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      },
      {
        "date": "2017-11-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52624"
      },
      {
        "date": "2011-01-04T00:00:00",
        "db": "BID",
        "id": "51024"
      },
      {
        "date": "2011-12-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003299"
      },
      {
        "date": "2011-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-080"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2011-4679"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-080"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM Leads Module Security Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7d716c21-463f-11e9-be3d-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "57ca12f8-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5717"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-080"
      }
    ],
    "trust": 1.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-080"
      }
    ],
    "trust": 0.6
  }
}

VAR-201209-0439

Vulnerability from variot - Updated: 2025-04-11 23:09

Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. The file modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM contains a directory traversal vulnerability, which a third party may exploit to read arbitrary files. Vtiger CRM is a Web-based Sales Force Automation (SFA)-based Customer Relationship Management System (CRM). The management system provides functions such as management, collection, and analysis of customer information


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201209-0439",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vtiger",
        "version": "5.x"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "5.1.0"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d720862-463f-11e9-bdf0-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "6618136a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-078"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4867"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004162"
      }
    ]
  },
  "cve": "CVE-2012-4867",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2012-4867",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2012-8109",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "7d720862-463f-11e9-bdf0-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "6618136a-2353-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-58148",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-4867",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-4867",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2012-8109",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201209-078",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7d720862-463f-11e9-bdf0-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "6618136a-2353-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-58148",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d720862-463f-11e9-bdf0-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "6618136a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      },
      {
        "db": "VULHUB",
        "id": "VHN-58148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-078"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4867"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter. The file modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM contains a directory traversal vulnerability, which a third party may exploit to read arbitrary files. Vtiger CRM is a Web-based Sales Force Automation (SFA)-based Customer Relationship Management System (CRM). The management system provides functions such as management, collection, and analysis of customer information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-4867"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004162"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      },
      {
        "db": "IVD",
        "id": "7d720862-463f-11e9-bdf0-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "6618136a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-58148"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-58148",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58148"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-4867",
        "trust": 3.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "18635",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "111075",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-078",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-8109",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004162",
        "trust": 0.8
      },
      {
        "db": "IVD",
        "id": "7D720862-463F-11E9-BDF0-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "6618136A-2353-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "18770",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-72808",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-58148",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d720862-463f-11e9-bdf0-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "6618136a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      },
      {
        "db": "VULHUB",
        "id": "VHN-58148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-078"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4867"
      }
    ]
  },
  "id": "VAR-201209-0439",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d720862-463f-11e9-bdf0-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "6618136a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      },
      {
        "db": "VULHUB",
        "id": "VHN-58148"
      }
    ],
    "trust": 1.6291666400000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d720862-463f-11e9-bdf0-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "6618136a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      }
    ]
  },
  "last_update_date": "2025-04-11T23:09:57.012000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.vtiger.com/crm/"
      },
      {
        "title": "Patch for vtiger CRM path traversal vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/35988"
      },
      {
        "title": "vtigercrm-5.4.0",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44512"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-078"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004162"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4867"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.exploit-db.com/exploits/18635"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.org/files/111075/vtiger-5.1.0-local-file-inclusion.html"
      },
      {
        "trust": 1.4,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4867"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4867"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      },
      {
        "db": "VULHUB",
        "id": "VHN-58148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-078"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4867"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d720862-463f-11e9-bdf0-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "6618136a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      },
      {
        "db": "VULHUB",
        "id": "VHN-58148"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2012-004162"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-078"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-4867"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-09-12T00:00:00",
        "db": "IVD",
        "id": "7d720862-463f-11e9-bdf0-000c29342cb1"
      },
      {
        "date": "2012-09-12T00:00:00",
        "db": "IVD",
        "id": "6618136a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2012-09-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      },
      {
        "date": "2012-09-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-58148"
      },
      {
        "date": "2012-09-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-004162"
      },
      {
        "date": "2012-09-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201209-078"
      },
      {
        "date": "2012-09-06T17:55:01.707000",
        "db": "NVD",
        "id": "CVE-2012-4867"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2012-09-12T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      },
      {
        "date": "2012-09-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-58148"
      },
      {
        "date": "2012-09-10T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2012-004162"
      },
      {
        "date": "2012-09-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201209-078"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2012-4867"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-078"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM Path traversal vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "7d720862-463f-11e9-bdf0-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "6618136a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2012-8109"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-078"
      }
    ],
    "trust": 1.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Path traversal",
    "sources": [
      {
        "db": "IVD",
        "id": "7d720862-463f-11e9-bdf0-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "6618136a-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201209-078"
      }
    ],
    "trust": 1.0
  }
}

VAR-201011-0264

Vulnerability from variot - Updated: 2025-04-11 23:04

Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree. vtiger CRM is prone to a remote security vulnerability. vtiger CRM is an open source web-based customer relationship management system. There is an incomplete blacklist vulnerability in the config.template.php file in vtiger CRM versions prior to 5.2.1. ----------------------------------------------------------------------

Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.

Join the beta: http://secunia.com/products/corporate/vim/


TITLE: vtiger CRM Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA42246

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42246/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42246

RELEASE DATE: 2010-11-19

DISCUSS ADVISORY: http://secunia.com/advisories/42246/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/42246/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=42246

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Some vulnerabilities have been discovered in vtiger CRM, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

1) An error exists in the file upload functionality due to the emails module not properly checking file names and extensions. This can be exploited to upload and execute arbitrary PHP code e.g. via ".phtml" files.

2) Input passed e.g. via the "lang_crm" parameter to phprint.php or the "current_language" parameter to graph.php is not properly verified in the "return_application_language()" function in include/utils/utils.php before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes.

Successful exploitation of this vulnerability requires that "magic_quotes_gpc" be disabled.

3) Input passed via the "user_name" and "user_password" parameters to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) Input passed via the "label" parameter to index.php (when "module" is set to "Settings" and "action" is set to "GetFieldInfo") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 5.2.0. Other versions may also be affected.

SOLUTION: Update to version 5.2.1.

PROVIDED AND/OR DISCOVERED BY: Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi

ORIGINAL ADVISORY: vtiger CRM: http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes

Giovanni Pellerano and Alessandro Tanasi: http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0264",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "4.2.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "4.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "2.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "3.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "*"
      },
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": null,
        "trust": 0.6,
        "vendor": "vtiger",
        "version": null
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "3.0.1"
      },
      {
        "model": "crm rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm validation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "3.0"
      },
      {
        "model": "crm rc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm rc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.1.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-248"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3909"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "78746"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-3909",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "CVE-2010-3909",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.8,
            "id": "VHN-46514",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-3909",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-3909",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201011-248",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-46514",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-248"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3909"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree. vtiger CRM is prone to a remote security vulnerability. vtiger CRM is an open source web-based customer relationship management system. There is an incomplete blacklist vulnerability in the config.template.php file in vtiger CRM versions prior to 5.2.1. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nvtiger CRM Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA42246\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42246/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42246\n\nRELEASE DATE:\n2010-11-19\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42246/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42246/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42246\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSome vulnerabilities have been discovered in vtiger CRM, which can be\nexploited by malicious users to compromise a vulnerable system and by\nmalicious people to conduct cross-site scripting attacks and disclose\nsensitive information. \n\n1) An error exists in the file upload functionality due to the emails\nmodule not properly checking file names and extensions. This can be\nexploited to upload and execute arbitrary PHP code e.g. via \".phtml\"\nfiles. \n\n2) Input passed e.g. via the \"lang_crm\" parameter to phprint.php or\nthe \"current_language\" parameter to graph.php is not properly\nverified in the \"return_application_language()\" function in\ninclude/utils/utils.php before being used to include files. This can\nbe exploited to include arbitrary file from local resources via\ndirectory traversal sequences and URL-encoded NULL bytes. \n\nSuccessful exploitation of this vulnerability requires that\n\"magic_quotes_gpc\" is disabled. \n\n3) Input passed via the \"user_name\" and \"user_password\" parameters to\nindex.php is not properly sanitised before being returned to the user. \nThis can be exploited to execute arbitrary HTML and script code in a\nuser\u0027s browser session in context of an affected site. \n\n4) Input passed via the \"label\" parameter to index.php (when \"module\"\nis set to \"Settings\" and \"action\" is set to \"GetFieldInfo\") is not\nproperly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user\u0027s\nbrowser session in context of an affected site. \n\nThe vulnerabilities are confirmed in version 5.2.0. Other versions\nmay also be affected. \n\nSOLUTION:\nUpdate to version 5.2.1. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nGiovanni \"evilaliv3\" Pellerano and Alessandro \"jekil\" Tanasi\n\nORIGINAL ADVISORY:\nvtiger CRM:\nhttp://wiki.vtiger.com/index.php/Vtiger521:Release_Notes\n\nGiovanni Pellerano and Alessandro Tanasi:\nhttp://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3909"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      },
      {
        "db": "BID",
        "id": "78746"
      },
      {
        "db": "VULHUB",
        "id": "VHN-46514"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-46514",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46514"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-3909",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "42246",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003272",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-248",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20101116 VTIGER CRM 5.2.0 MULTIPLE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "78746",
        "trust": 0.4
      },
      {
        "db": "PACKETSTORM",
        "id": "95931",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-46514",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95988",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46514"
      },
      {
        "db": "BID",
        "id": "78746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-248"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3909"
      }
    ]
  },
  "id": "VAR-201011-0264",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46514"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-11T23:04:23.970000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Vtiger521:Release Notes",
        "trust": 0.8,
        "url": "http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3909"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt"
      },
      {
        "trust": 2.1,
        "url": "http://wiki.vtiger.com/index.php/vtiger521:release_notes"
      },
      {
        "trust": 2.0,
        "url": "http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/42246"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/514846/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://www.securityfocus.com/archive/1/archive/1/514846/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3909"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3909"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42246/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42246/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42246"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3909"
      },
      {
        "trust": 0.1,
        "url": "http://www.tanasi.it/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3911"
      },
      {
        "trust": 0.1,
        "url": "http://www.vtigercrm.com"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/index.php?module=users\u0026action=login\u0026default_user_name"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/graph.php?current_language=/../[..]/../"
      },
      {
        "trust": 0.1,
        "url": "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt"
      },
      {
        "trust": 0.1,
        "url": "http://www.ush.it/,"
      },
      {
        "trust": 0.1,
        "url": "http://www.evilaliv3.org/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/phprint.php?lang_crm=/../[..]/../"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3910"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/index.php?module=settings\u0026action=getfieldinfo\u0026label"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46514"
      },
      {
        "db": "BID",
        "id": "78746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-248"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3909"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-46514"
      },
      {
        "db": "BID",
        "id": "78746"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-248"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3909"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46514"
      },
      {
        "date": "2010-11-26T00:00:00",
        "db": "BID",
        "id": "78746"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      },
      {
        "date": "2010-11-19T06:21:45",
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "date": "2010-11-18T00:23:11",
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "date": "2010-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-248"
      },
      {
        "date": "2010-11-26T20:00:03.877000",
        "db": "NVD",
        "id": "CVE-2010-3909"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46514"
      },
      {
        "date": "2010-11-26T00:00:00",
        "db": "BID",
        "id": "78746"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      },
      {
        "date": "2010-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-248"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2010-3909"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-248"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM of  config.template.php Vulnerable to arbitrary code execution",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003272"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "code injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-248"
      }
    ],
    "trust": 0.6
  }
}

VAR-201011-0266

Vulnerability from variot - Updated: 2025-04-11 23:04

Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php. vtiger CRM is prone to a cross-site scripting vulnerability. vtiger CRM is an open source web-based customer relationship management system. ----------------------------------------------------------------------

Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.

Join the beta: http://secunia.com/products/corporate/vim/


TITLE: vtiger CRM Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA42246

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42246/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42246

RELEASE DATE: 2010-11-19

DISCUSS ADVISORY: http://secunia.com/advisories/42246/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/42246/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=42246

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Some vulnerabilities have been discovered in vtiger CRM, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

1) An error exists in the file upload functionality due to the emails module not properly checking file names and extensions. This can be exploited to upload and execute arbitrary PHP code e.g. via ".phtml" files.

2) Input passed e.g. via the "lang_crm" parameter to phprint.php or the "current_language" parameter to graph.php is not properly verified in the "return_application_language()" function in include/utils/utils.php before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes.

Successful exploitation of the file-inclusion vulnerability in 2) requires that "magic_quotes_gpc" is disabled.

3) Input passed via the "user_name" and "user_password" parameters to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) Input passed via the "label" parameter to index.php (when "module" is set to "Settings" and "action" is set to "GetFieldInfo") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 5.2.0. Other versions may also be affected.

SOLUTION: Update to version 5.2.1.

PROVIDED AND/OR DISCOVERED BY: Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi

ORIGINAL ADVISORY: vtiger CRM: http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes

Giovanni Pellerano and Alessandro Tanasi: http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0266",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "4.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "4.2.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "3.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "2.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "1.0"
      },
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "3.0.1"
      },
      {
        "model": "crm rc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm validation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "73791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3911"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "73791"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-3911",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2010-3911",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-46516",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-3911",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-3911",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201011-246",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-46516",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3911"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via (1) the username (aka default_user_name) field or (2) the password field in a Users Login action to index.php, or (3) the label parameter in a Settings GetFieldInfo action to index.php, related to modules/Settings/GetFieldInfo.php. vtiger CRM is prone to a cross-site scripting vulnerability. vtiger CRM is an open source web-based customer relationship management system. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. \n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nvtiger CRM Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA42246\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42246/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42246\n\nRELEASE DATE:\n2010-11-19\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42246/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42246/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42246\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED 
SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSome vulnerabilities have been discovered in vtiger CRM, which can be\nexploited by malicious users to compromise a vulnerable system and by\nmalicious people to conduct cross-site scripting attacks and disclose\nsensitive information. \n\n1) An error exists in the file upload functionality due to the emails\nmodule not properly checking file names and extensions. This can be\nexploited to upload and execute arbitrary PHP code e.g. via \".phtml\"\nfiles. \n\n2) Input passed e.g. via the \"lang_crm\" parameter to phprint.php or\nthe \"current_language\" parameter to graph.php is not properly\nverified in the \"return_application_language()\" function in\ninclude/utils/utils.php before being used to include files. This can\nbe exploited to include arbitrary file from local resources via\ndirectory traversal sequences and URL-encoded NULL bytes. \n\nSuccessful exploitation of this vulnerability requires that\n\"magic_quotes_gpc\" is disabled. \n\n3) Input passed via the \"user_name\" and \"user_password\" parameters to\nindex.php is not properly sanitised before being returned to the user. \nThis can be exploited to execute arbitrary HTML and script code in a\nuser\u0027s browser session in context of an affected site. \n\n4) Input passed via the \"label\" parameter to index.php (when \"module\"\nis set to \"Settings\" and \"action\" is set to \"GetFieldInfo\") is not\nproperly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user\u0027s\nbrowser session in context of an affected site. \n\nThe vulnerabilities are confirmed in version 5.2.0. Other versions\nmay also be affected. \n\nSOLUTION:\nUpdate to version 5.2.1. 
\n\nPROVIDED AND/OR DISCOVERED BY:\nGiovanni \"evilaliv3\" Pellerano and Alessandro \"jekil\" Tanasi\n\nORIGINAL ADVISORY:\nvtiger CRM:\nhttp://wiki.vtiger.com/index.php/Vtiger521:Release_Notes\n\nGiovanni Pellerano and Alessandro Tanasi:\nhttp://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3911"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      },
      {
        "db": "BID",
        "id": "73791"
      },
      {
        "db": "VULHUB",
        "id": "VHN-46516"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-3911",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "42246",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003274",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-246",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20101116 VTIGER CRM 5.2.0 MULTIPLE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "73791",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-46516",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95988",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95931",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46516"
      },
      {
        "db": "BID",
        "id": "73791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3911"
      }
    ]
  },
  "id": "VAR-201011-0266",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46516"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-11T23:04:23.931000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Vtiger521:Release Notes",
        "trust": 0.8,
        "url": "http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes"
      },
      {
        "title": "vtigercrm-510-521-patch",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32061"
      },
      {
        "title": "vtigercrm-5.2.1",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32060"
      },
      {
        "title": "vtigercrm-5.2.1",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32059"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-246"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3911"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt"
      },
      {
        "trust": 2.1,
        "url": "http://wiki.vtiger.com/index.php/vtiger521:release_notes"
      },
      {
        "trust": 2.0,
        "url": "http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/42246"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/514846/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://www.securityfocus.com/archive/1/archive/1/514846/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3911"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3911"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42246/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42246/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42246"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3909"
      },
      {
        "trust": 0.1,
        "url": "http://www.tanasi.it/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3911"
      },
      {
        "trust": 0.1,
        "url": "http://www.vtigercrm.com"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/index.php?module=users\u0026action=login\u0026default_user_name"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/graph.php?current_language=/../[..]/../"
      },
      {
        "trust": 0.1,
        "url": "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt"
      },
      {
        "trust": 0.1,
        "url": "http://www.ush.it/,"
      },
      {
        "trust": 0.1,
        "url": "http://www.evilaliv3.org/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/phprint.php?lang_crm=/../[..]/../"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3910"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/index.php?module=settings\u0026action=getfieldinfo\u0026label"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46516"
      },
      {
        "db": "BID",
        "id": "73791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3911"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-46516"
      },
      {
        "db": "BID",
        "id": "73791"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-246"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3911"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46516"
      },
      {
        "date": "2010-11-26T00:00:00",
        "db": "BID",
        "id": "73791"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      },
      {
        "date": "2010-11-19T06:21:45",
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "date": "2010-11-18T00:23:11",
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "date": "2010-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-246"
      },
      {
        "date": "2010-11-26T20:00:03.970000",
        "db": "NVD",
        "id": "CVE-2010-3911"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46516"
      },
      {
        "date": "2010-11-26T00:00:00",
        "db": "BID",
        "id": "73791"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      },
      {
        "date": "2010-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-246"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2010-3911"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-246"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003274"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-246"
      }
    ],
    "trust": 0.7
  }
}

VAR-201011-0265

Vulnerability from variot - Updated: 2025-04-11 23:04

Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php. The return_application_language function of vtiger CRM contains a directory traversal vulnerability. A third party could include and execute arbitrary local files via a .. (two half-width periods) in the lang_crm parameter to phprint.php, or in the current_language parameter of an Accounts Import operation to graph.php. vtiger CRM is prone to a file-upload vulnerability. vtiger CRM is an open source web-based customer relationship management system. ----------------------------------------------------------------------

Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta.

Join the beta: http://secunia.com/products/corporate/vim/


TITLE: vtiger CRM Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA42246

VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42246/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42246

RELEASE DATE: 2010-11-19

DISCUSS ADVISORY: http://secunia.com/advisories/42246/#comments

AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)

http://secunia.com/advisories/42246/

ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS

https://ca.secunia.com/?page=viewadvisory&vuln_id=42246

ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING

http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

DESCRIPTION: Some vulnerabilities have been discovered in vtiger CRM, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to conduct cross-site scripting attacks and disclose sensitive information.

1) An error exists in the file upload functionality due to the emails module not properly checking file names and extensions. This can be exploited to upload and execute arbitrary PHP code e.g. via ".phtml" files.

2) Input passed e.g. via the "lang_crm" parameter to phprint.php or the "current_language" parameter to graph.php is not properly verified in the "return_application_language()" function in include/utils/utils.php before being used to include files.

Successful exploitation of this vulnerability requires that "magic_quotes_gpc" is disabled. Since magic_quotes_gpc was deprecated in PHP 5.3 and removed in PHP 5.4, this precondition is met on any modern PHP runtime.

3) Input passed via the "user_name" and "user_password" parameters to index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) Input passed via the "label" parameter to index.php (when "module" is set to "Settings" and "action" is set to "GetFieldInfo") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are confirmed in version 5.2.0. Other versions may also be affected.

SOLUTION: Update to version 5.2.1.

PROVIDED AND/OR DISCOVERED BY: Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi

ORIGINAL ADVISORY: vtiger CRM: http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes

Giovanni Pellerano and Alessandro Tanasi: http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt

OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/

EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/


About: This Advisory was delivered by Secunia as a free service to help private users keep their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.


Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201011-0265",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "4.2.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "4.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "3.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "2.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "vtiger",
        "version": "1.0"
      },
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "3.0.1"
      },
      {
        "model": "crm rc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm rc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm validation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm rc1",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm beta",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "3.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "78763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3910"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "78763"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2010-3910",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2010-3910",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-46515",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2010-3910",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2010-3910",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201011-247",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-46515",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3910"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple directory traversal vulnerabilities in the return_application_language function in include/utils/utils.php in vtiger CRM before 5.2.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the lang_crm parameter to phprint.php or (2) the current_language parameter in an Accounts Import action to graph.php. vtiger CRM of return_application_language The function contains a directory traversal vulnerability.By a third party, phprint.php To lang_crm Parameters, or fraph.php To Accouonts Import In operation current_language In the parameter .. ( Half-width period 2 One ) Via file inclusion and arbitrary local files could be executed. vtiger CRM is prone to a file-upload vulnerability. vtiger CRM is an open source web-based customer relationship management system. ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. 
\n\nJoin the beta: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nvtiger CRM Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA42246\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42246/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42246\n\nRELEASE DATE:\n2010-11-19\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42246/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42246/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42246\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nSome vulnerabilities have been discovered in vtiger CRM, which can be\nexploited by malicious users to compromise a vulnerable system and by\nmalicious people to conduct cross-site scripting attacks and disclose\nsensitive information. \n\n1) An error exists in the file upload functionality due to the emails\nmodule not properly checking file names and extensions. This can be\nexploited to upload and execute arbitrary PHP code e.g. via \".phtml\"\nfiles. \n\n2) Input passed e.g. via the \"lang_crm\" parameter to phprint.php or\nthe \"current_language\" parameter to graph.php is not properly\nverified in the \"return_application_language()\" function in\ninclude/utils/utils.php before being used to include files. 
\n\nSuccessful exploitation of this vulnerability requires that\n\"magic_quotes_gpc\" is disabled. \n\n3) Input passed via the \"user_name\" and \"user_password\" parameters to\nindex.php is not properly sanitised before being returned to the user. \nThis can be exploited to execute arbitrary HTML and script code in a\nuser\u0027s browser session in context of an affected site. \n\n4) Input passed via the \"label\" parameter to index.php (when \"module\"\nis set to \"Settings\" and \"action\" is set to \"GetFieldInfo\") is not\nproperly sanitised before being returned to the user. This can be\nexploited to execute arbitrary HTML and script code in a user\u0027s\nbrowser session in context of an affected site. \n\nThe vulnerabilities are confirmed in version 5.2.0. Other versions\nmay also be affected. \n\nSOLUTION:\nUpdate to version 5.2.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nGiovanni \"evilaliv3\" Pellerano and Alessandro \"jekil\" Tanasi\n\nORIGINAL ADVISORY:\nvtiger CRM:\nhttp://wiki.vtiger.com/index.php/Vtiger521:Release_Notes\n\nGiovanni Pellerano and Alessandro Tanasi:\nhttp://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2010-3910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      },
      {
        "db": "BID",
        "id": "78763"
      },
      {
        "db": "VULHUB",
        "id": "VHN-46515"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2010-3910",
        "trust": 2.9
      },
      {
        "db": "SECUNIA",
        "id": "42246",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003273",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-247",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20101116 VTIGER CRM 5.2.0 MULTIPLE VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "78763",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-46515",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95988",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "95931",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46515"
      },
      {
        "db": "BID",
        "id": "78763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3910"
      }
    ]
  },
  "id": "VAR-201011-0265",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46515"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-11T23:04:23.889000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Vtiger521:Release Notes",
        "trust": 0.8,
        "url": "http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes"
      },
      {
        "title": "vtigercrm-510-521-patch",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32061"
      },
      {
        "title": "vtigercrm-5.2.1",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32060"
      },
      {
        "title": "vtigercrm-5.2.1",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=32059"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-247"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46515"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3910"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.2,
        "url": "http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt"
      },
      {
        "trust": 2.1,
        "url": "http://wiki.vtiger.com/index.php/vtiger521:release_notes"
      },
      {
        "trust": 2.0,
        "url": "http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/42246"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/514846/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://www.securityfocus.com/archive/1/archive/1/514846/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3910"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3910"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/evm/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42246/#comments"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/42246/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/products/corporate/vim/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/vulnerability_scanning/personal/"
      },
      {
        "trust": 0.1,
        "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42246"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3909"
      },
      {
        "trust": 0.1,
        "url": "http://www.tanasi.it/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3911"
      },
      {
        "trust": 0.1,
        "url": "http://www.vtigercrm.com"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/index.php?module=users\u0026action=login\u0026default_user_name"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/graph.php?current_language=/../[..]/../"
      },
      {
        "trust": 0.1,
        "url": "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt"
      },
      {
        "trust": 0.1,
        "url": "http://www.ush.it/,"
      },
      {
        "trust": 0.1,
        "url": "http://www.evilaliv3.org/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/phprint.php?lang_crm=/../[..]/../"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2010-3910"
      },
      {
        "trust": 0.1,
        "url": "http://127.0.0.1/vtigercrm/index.php?module=settings\u0026action=getfieldinfo\u0026label"
      },
      {
        "trust": 0.1,
        "url": "http://lists.grok.org.uk/full-disclosure-charter.html"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-46515"
      },
      {
        "db": "BID",
        "id": "78763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3910"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-46515"
      },
      {
        "db": "BID",
        "id": "78763"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      },
      {
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-247"
      },
      {
        "db": "NVD",
        "id": "CVE-2010-3910"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2010-11-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46515"
      },
      {
        "date": "2010-11-26T00:00:00",
        "db": "BID",
        "id": "78763"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      },
      {
        "date": "2010-11-19T06:21:45",
        "db": "PACKETSTORM",
        "id": "95988"
      },
      {
        "date": "2010-11-18T00:23:11",
        "db": "PACKETSTORM",
        "id": "95931"
      },
      {
        "date": "2010-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-247"
      },
      {
        "date": "2010-11-26T20:00:03.940000",
        "db": "NVD",
        "id": "CVE-2010-3910"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-46515"
      },
      {
        "date": "2010-11-26T00:00:00",
        "db": "BID",
        "id": "78763"
      },
      {
        "date": "2012-03-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      },
      {
        "date": "2010-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201011-247"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2010-3910"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-247"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM of  return_application_language Function vulnerable to directory traversal",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2010-003273"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201011-247"
      }
    ],
    "trust": 0.6
  }
}

VAR-201112-0340

Vulnerability from variot - Updated: 2025-04-11 23:04

Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vtiger CRM is a Web-based Customer Relationship Management (CRM) system built on Sales Force Automation (SFA). Attackers can build malicious web pages, entice users to visit them, obtain sensitive information, or hijack user sessions. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Versions prior to vtiger CRM 5.2.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0340",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "vtiger",
        "version": "4.2.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 2.5,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "2.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "3.2"
      },
      {
        "model": "crm rc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "rc",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger crm",
        "version": "4"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vtiger crm",
        "version": "4.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vtiger",
        "version": "5"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "3.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.3"
      },
      {
        "model": "crm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "1.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "2.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "2.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "2.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "3.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "4.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "4.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "4.2.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "5.0.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "5.0.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "5.0.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "*"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "5.1.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.2,
        "vendor": "vtiger crm",
        "version": "5.2.1"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "57d70116-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5252"
      },
      {
        "db": "BID",
        "id": "51023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4680"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "51023"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2011-4680",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-4680",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "57d70116-2354-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-52625",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-4680",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-4680",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201112-081",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "57d70116-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52625",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "57d70116-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52625"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4680"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the customer portal in vtiger CRM before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). Attackers can build malicious web pages, entice users to parse, get sensitive information, or hijack user sessions. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. \nVersions prior to vtiger CRM 5.2.0 are vulnerable. The management system provides functions such as management, collection, and analysis of customer information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4680"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5252"
      },
      {
        "db": "BID",
        "id": "51023"
      },
      {
        "db": "IVD",
        "id": "57d70116-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52625"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4680",
        "trust": 3.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-081",
        "trust": 0.9
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5252",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003300",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "51023",
        "trust": 0.4
      },
      {
        "db": "IVD",
        "id": "57D70116-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52625",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "57d70116-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5252"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52625"
      },
      {
        "db": "BID",
        "id": "51023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4680"
      }
    ]
  },
  "id": "VAR-201112-0340",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "57d70116-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5252"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52625"
      }
    ],
    "trust": 1.5395833200000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "57d70116-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5252"
      }
    ]
  },
  "last_update_date": "2025-04-11T23:04:15.576000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Jan2011:ODUpdate",
        "trust": 0.8,
        "url": "http://wiki.vtiger.com/index.php/Jan2011:ODUpdate"
      },
      {
        "title": "Patch for vtiger CRM Cross-Site Scripting Vulnerability (CNVD-2011-5252)",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/6258"
      },
      {
        "title": "vtigercrm-521-530-patch",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41995"
      },
      {
        "title": "vtigercrm-5.3.0",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41994"
      },
      {
        "title": "vtigercrm-5.3.0",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=41993"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5252"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-081"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52625"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4680"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://wiki.vtiger.com/index.php/jan2011:odupdate"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4680"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4680"
      },
      {
        "trust": 0.6,
        "url": "http://wiki.vtiger.com/index.php/jan2011"
      },
      {
        "trust": 0.3,
        "url": "www.vtiger.de"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5252"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52625"
      },
      {
        "db": "BID",
        "id": "51023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4680"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "57d70116-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5252"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52625"
      },
      {
        "db": "BID",
        "id": "51023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4680"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-12-14T00:00:00",
        "db": "IVD",
        "id": "57d70116-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5252"
      },
      {
        "date": "2011-12-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52625"
      },
      {
        "date": "2011-12-12T00:00:00",
        "db": "BID",
        "id": "51023"
      },
      {
        "date": "2011-12-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      },
      {
        "date": "2011-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-081"
      },
      {
        "date": "2011-12-07T19:55:02.470000",
        "db": "NVD",
        "id": "CVE-2011-4680"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-12-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5252"
      },
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52625"
      },
      {
        "date": "2011-12-12T00:00:00",
        "db": "BID",
        "id": "51023"
      },
      {
        "date": "2011-12-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      },
      {
        "date": "2011-12-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-081"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2011-4680"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-081"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003300"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-081"
      }
    ],
    "trust": 0.6
  }
}

VAR-201112-0325

Vulnerability from variot - Updated: 2025-04-11 23:02

Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php. vTiger CRM contains cross-site scripting vulnerabilities: a third party may insert web script or HTML through the parameters listed above. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). Multiple cross-site scripting vulnerabilities exist in vTiger CRM 5.2.1 and earlier. The vulnerability stems from user-supplied data not being properly validated.
A remote attacker could exploit the vulnerability to execute arbitrary script code in an unsuspecting user's browser in the context of the affected site, stealing cookie-based authentication credentials and launching other attacks, or injecting arbitrary web script or HTML through multiple parameters, such as viewname and activity_mode. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. vtiger CRM 5.2.1 is vulnerable; other versions may also be affected. The management system provides functions such as management, collection, and analysis of customer information.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201112-0325",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.5,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5742"
      },
      {
        "db": "BID",
        "id": "49927"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-013"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4670"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003188"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aung Khant",
    "sources": [
      {
        "db": "BID",
        "id": "49927"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-359"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2011-4670",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2011-4670",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2011-5742",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "5a5bacb6-2354-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "7d7e8b80-463f-11e9-be72-000c29342cb1",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-52615",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-4670",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-4670",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2011-5742",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201112-013",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "5a5bacb6-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "IVD",
            "id": "7d7e8b80-463f-11e9-be72-000c29342cb1",
            "trust": 0.2,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52615",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5742"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52615"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-013"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4670"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php. vTiger CRM Contains a cross-site scripting vulnerability.By a third party, through the following parameters, Web Script or HTML May be inserted. Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). Multiple cross-site scripting vulnerabilities existed in vTiger CRM 5.2.1 and earlier. The vulnerability stems from the fact that the data provided to the user has not been properly checked. 
A remote attacker could exploit the vulnerability to execute arbitrary script code in an unknown user\u0027s browser in the context of the affected site, stealing a cookie-based authentication certificate and initiating other attacks, or injecting arbitrary web scripts or HTML through multiple parameters, such as: viewname And the activity_mode parameter. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nvtiger CRM 5.2.1 is vulnerable; other versions may also be affected. The management system provides functions such as management, collection, and analysis of customer information",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4670"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003188"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5742"
      },
      {
        "db": "BID",
        "id": "49927"
      },
      {
        "db": "IVD",
        "id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52615"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-52615",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52615"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4670",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "49927",
        "trust": 3.2
      },
      {
        "db": "OSVDB",
        "id": "76006",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "76005",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-013",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "36203",
        "trust": 1.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "36204",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5742",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003188",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-359",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20111004 VTIGER CRM 5.2.X \u003c= MULTIPLE CROSS SITE SCRIPTING VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "70306",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20111004 VTIGER CRM 5.2.X \u003c= MULTIPLE CROSS SITE SCRIPTING VULNERABILITIES",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "5A5BACB6-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "7D7E8B80-463F-11E9-BE72-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-52615",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5742"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52615"
      },
      {
        "db": "BID",
        "id": "49927"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-359"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-013"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4670"
      }
    ]
  },
  "id": "VAR-201112-0325",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5742"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52615"
      }
    ],
    "trust": 1.6291666400000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5742"
      }
    ]
  },
  "last_update_date": "2025-04-11T23:02:03.534000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "vtigerCRM.jp",
        "trust": 0.8,
        "url": "http://www.vtigercrm.jp/home"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.vtiger.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003188"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52615"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003188"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4670"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.securityfocus.com/bid/49927"
      },
      {
        "trust": 2.0,
        "url": "http://seclists.org/fulldisclosure/2011/oct/154"
      },
      {
        "trust": 1.7,
        "url": "http://yehg.net/lab/pr0js/advisories/%5bvtiger_5.2.1%5d_xss"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/76005"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/76006"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/519993/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/36203/"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/36204/"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70306"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4670"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4670"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/70306"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/519993/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "www.vtiger.de"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5742"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52615"
      },
      {
        "db": "BID",
        "id": "49927"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-359"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-013"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4670"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5742"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52615"
      },
      {
        "db": "BID",
        "id": "49927"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-359"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-013"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4670"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-12-05T00:00:00",
        "db": "IVD",
        "id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-12-05T00:00:00",
        "db": "IVD",
        "id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
      },
      {
        "date": "2011-12-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5742"
      },
      {
        "date": "2011-12-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52615"
      },
      {
        "date": "2011-10-04T00:00:00",
        "db": "BID",
        "id": "49927"
      },
      {
        "date": "2011-12-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003188"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-359"
      },
      {
        "date": "2011-12-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-013"
      },
      {
        "date": "2011-12-02T16:55:02.420000",
        "db": "NVD",
        "id": "CVE-2011-4670"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-12-05T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5742"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52615"
      },
      {
        "date": "2011-12-06T19:37:00",
        "db": "BID",
        "id": "49927"
      },
      {
        "date": "2011-12-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003188"
      },
      {
        "date": "2011-10-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-359"
      },
      {
        "date": "2011-12-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201112-013"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2011-4670"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-359"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-013"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vTiger CRM Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "5a5bacb6-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "IVD",
        "id": "7d7e8b80-463f-11e9-be72-000c29342cb1"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5742"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-013"
      }
    ],
    "trust": 1.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-359"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201112-013"
      }
    ],
    "trust": 1.2
  }
}

VAR-201402-0420

Vulnerability from variot - Updated: 2025-04-11 23:01

Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php. The affected inputs are (1) the return_url parameter of modules\com_vtiger_workflow\savetemplate.php and unspecified elements of (2) deletetask.php, (3) edittask.php, (4) savetask.php and (5) saveworkflow.php. Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by Vtiger in the United States. The system provides functions such as the management, collection and analysis of customer information. A cross-site scripting vulnerability exists in Vtiger because the program does not properly filter input submitted by users. When a user browses an affected page, their browser executes arbitrary script code supplied by the attacker, which may allow the attacker to steal cookie-based authentication credentials and launch other attacks. Vtiger 5.4.0 is vulnerable; other versions may also be affected. [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting

I. * Information *

Name : Vtiger 5.4.0 Reflected Cross Site Scripting
Software : Vtiger 5.4.0 and possibly below.
Vendor Homepage : https://www.vtiger.com/
Vulnerability Type : Reflected Cross-Site Scripting
Severity : Medium (3/5)
Advisory Reference : SOJOBO-ADV-13-05 (http://www.enkomio.com/Advisories)
Credits: Sojobo dev team
Description: A Reflected Cross Site Scripting vulnerability was discovered during the testing of Sojobo, a static analysis tool.

II. * Details *

A) Reflected Cross Site Scripting in savetemplate.php, deletetask.php, edittask.php, savetask.php and saveworkflow.php [Impact: 3/5]

Follow a trace to reach the vulnerable code.

File: \modules\com_vtiger_workflow\savetemplate.php
45: vtSaveWorkflowTemplate($adb, $_REQUEST);
...
37: $returnUrl = $request['return_url'];
...
40: window.location="<?php echo $returnUrl?>";

The 'return_url' value is not validated before being printed in the page: line 40 echoes it straight into the window.location assignment.

A test request is: /index.php?module=com_vtiger_workflow&action=savetemplate&return_url=">alert('xss');

III. * Report Timeline *

26 October 2013 - First contact
29 October 2013 - Fix announced for the new version
10 December 2013 - Fix released with the new version

IV. * About Sojobo *

Sojobo allows you to find security vulnerabilities in your PHP web application source code before others do. By using state-of-the-art techniques, Sojobo is able to identify the most critical vulnerabilities in your code while limiting the number of false positives.


{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "crm",
        "scope": "eq",
        "trust": 2.4,
        "vendor": "vtiger",
        "version": "5.4.0"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-213"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7326"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006053"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Sojobo dev team",
    "sources": [
      {
        "db": "BID",
        "id": "64236"
      },
      {
        "db": "PACKETSTORM",
        "id": "124402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-258"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2013-7326",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2013-7326",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-67328",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-7326",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-7326",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201402-213",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-67328",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67328"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-213"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7326"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\\com_vtiger_workflow\\savetemplate.php, or unspecified vectors to (2) deletetask.php, (3) edittask.php, (4) savetask.php, or (5) saveworkflow.php. (1) modules\\com_vtiger_workflow\\savetemplate.php of return_url Parameters (2) deletetask.php Unspecified elements (3) edittask.php Unspecified elements (4) savetask.php Unspecified elements (5) saveworkflow.php Unspecified elements. Vtiger CRM is a set of customer relationship management system (CRM) based on SugarCRM developed by Vtiger in the United States. The management system provides functions such as management, collection, and analysis of customer information. \nA cross-site scripting vulnerability exists in Vtiger, which stems from programs that do not properly filter input submitted by users. When a user browses an affected website, their browser will execute arbitrary script code provided by the attacker, which may cause the attacker to steal cookie-based authentication and launch other attacks. Vtiger 5.4.0 has vulnerabilities. Other versions may also be affected. [SOJOBO-ADV-13-05] - Vtiger 5.4.0 Reflected Cross Site Scripting\n\n\nI. * Information *\n==================\nName : Vtiger 5.4.0 Reflected Cross Site Scripting\nSoftware : Vtiger 5.4.0 and possibly below. \nVendor Homepage : https://www.vtiger.com/\nVulnerability Type : Reflected Cross-Site Scripting\nSeverity : Medium (3/5)\nAdvisory Reference : SOJOBO-ADV-13-05 (http://www.enkomio.com/Advisories)\nCredits: Sojobo dev team\nDescription: A Reflected Cross Site Scripting vulnerability was discovered during the testing of Sojobo, Static Analysis Tool. \n\n\nII. * Details *\n===============\nA) Reflected Cross Site Scripting in savetemplate.php, deletetask.php, edittask.php, savetask.php and saveworkflow.php [Impact: 3/5]\n\n\nFollow a trace to reach the vulnerable code. 
\n\n\nFile: \\modules\\com_vtiger_workflow\\savetemplate.php\n45: vtSaveWorkflowTemplate($adb, $_REQUEST);\n... \n37: $returnUrl = $request[\u0027return_url\u0027];\n... \n40: window.location=\"\u003c?php echo $returnUrl?\u003e\";\n\n\nThe variable \u0027return_url\u0027 isn\u0027t correctly validated before to be printed in the page. \n\n\nA test request is: /index.php?module=com_vtiger_workflow\u0026action=savetemplate\u0026return_url=\"\u003e\u003cscript\u003ealert(\u0027xss\u0027);\u003c/script\u003e\n\n\nIII. * Report Timeline *\n========================\n\n\n26 October 2013 - First contact\n29 October 2013 - Fix announced on the new version\n10 December 2013 - Fix release with the new version\n\n\nIV. * About Sojobo *\n====================\nSojobo allows you to find security vulnerabilities in your PHP web application source code before others do. \nBy using the state of the art techniques Sojobo is able to identify the most critical vulnerabilities in your code \nand limit the number of false positives",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-7326"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006053"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-258"
      },
      {
        "db": "BID",
        "id": "64236"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67328"
      },
      {
        "db": "PACKETSTORM",
        "id": "124402"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-7326",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "64236",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "124402",
        "trust": 1.8
      },
      {
        "db": "OSVDB",
        "id": "100897",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006053",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-213",
        "trust": 0.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-258",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "89662",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20131211 [SOJOBO-ADV-13-05] - VTIGER 5.4.0 REFLECTED CROSS SITE SCRIPTING",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-67328",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67328"
      },
      {
        "db": "BID",
        "id": "64236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006053"
      },
      {
        "db": "PACKETSTORM",
        "id": "124402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-213"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7326"
      }
    ]
  },
  "id": "VAR-201402-0420",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67328"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-11T23:01:41.622000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.vtiger.com/crm/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006053"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67328"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006053"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7326"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.enkomio.com/advisory/sojobo-adv-13-05"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/64236"
      },
      {
        "trust": 1.7,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2013-12/0052.html"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/124402"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/100897"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/89662"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7326"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7326"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/89662"
      },
      {
        "trust": 0.3,
        "url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20crm%205.1.0/"
      },
      {
        "trust": 0.1,
        "url": "http://www.enkomio.com/advisories)"
      },
      {
        "trust": 0.1,
        "url": "https://www.vtiger.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67328"
      },
      {
        "db": "BID",
        "id": "64236"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006053"
      },
      {
        "db": "PACKETSTORM",
        "id": "124402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-213"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7326"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-67328",
        "ident": null
      },
      {
        "db": "BID",
        "id": "64236",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006053",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "124402",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-258",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-213",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7326",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2014-02-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67328",
        "ident": null
      },
      {
        "date": "2013-12-11T00:00:00",
        "db": "BID",
        "id": "64236",
        "ident": null
      },
      {
        "date": "2014-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006053",
        "ident": null
      },
      {
        "date": "2013-12-12T04:41:27",
        "db": "PACKETSTORM",
        "id": "124402",
        "ident": null
      },
      {
        "date": "2013-12-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-258",
        "ident": null
      },
      {
        "date": "2014-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201402-213",
        "ident": null
      },
      {
        "date": "2014-02-14T19:55:26.717000",
        "db": "NVD",
        "id": "CVE-2013-7326",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67328",
        "ident": null
      },
      {
        "date": "2014-02-18T15:27:00",
        "db": "BID",
        "id": "64236",
        "ident": null
      },
      {
        "date": "2014-02-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006053",
        "ident": null
      },
      {
        "date": "2013-12-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-258",
        "ident": null
      },
      {
        "date": "2014-02-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201402-213",
        "ident": null
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2013-7326",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-213"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "_id": null,
    "data": "vTiger CRM Vulnerable to cross-site scripting",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006053"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "124402"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-258"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201402-213"
      }
    ],
    "trust": 1.3
  }
}

VAR-201310-0304

Vulnerability from variot - Updated: 2025-04-11 20:17

SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559. An SQL injection vulnerability exists in CalendarCommon.php of vTiger CRM. vtiger CRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. vtiger CRM 5.4.0 is vulnerable; prior versions may also be affected. Vtiger CRM is a customer relationship management (CRM) system based on SugarCRM, developed by the American company Vtiger. The system provides functions such as the management, collection and analysis of customer information. The vulnerability is caused by the program not adequately filtering the 'onlyforuser' parameter passed to the index.php script.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201310-0304",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "vtiger",
        "version": "5.4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "2.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4.2.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "3.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "vtiger",
        "version": "5.4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "62487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-373"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5091"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "High-Tech Bridge Security Research Lab",
    "sources": [
      {
        "db": "BID",
        "id": "62487"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-373"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-5091",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2013-5091",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-65093",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2013-5091",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2013-5091",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201309-373",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65093",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-373"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5091"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php.  NOTE: this issue might be a duplicate of CVE-2011-4559. vTiger CRM of CalendarCommon.php Is SQL An injection vulnerability exists. vtiger CRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nvtiger CRM 5.4.0 is vulnerable; prior versions may also be affected. Vtiger CRM is a customer relationship management system (CRM) based on SugarCRM developed by American Vtiger Company. The management system provides functions such as management, collection, and analysis of customer information. The vulnerability is caused by the program not adequately filtering the \u0027onlyforuser\u0027 parameter passed to the index.php script",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5091"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      },
      {
        "db": "BID",
        "id": "62487"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65093"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-65093",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65093"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5091",
        "trust": 2.8
      },
      {
        "db": "IMMUNIWEB",
        "id": "HTB23168",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "28409",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "76138",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "62487",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004517",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-373",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20130918 SQL INJECTION IN VTIGER CRM",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "123296",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-81979",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-65093",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65093"
      },
      {
        "db": "BID",
        "id": "62487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-373"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5091"
      }
    ]
  },
  "id": "VAR-201310-0304",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65093"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-11T20:17:34.459000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "vtiger CRM 5.4.0 (Patch Information)",
        "trust": 0.8,
        "url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%205.4.0/Core%20Product/"
      },
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.vtiger.com/crm/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65093"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5091"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2013-09/0079.html"
      },
      {
        "trust": 1.7,
        "url": "http://sourceforge.net/projects/vtigercrm/files/vtiger%20crm%205.4.0/core%20product/"
      },
      {
        "trust": 1.7,
        "url": "http://www.exploit-db.com/exploits/28409"
      },
      {
        "trust": 1.7,
        "url": "https://www.htbridge.com/advisory/htb23168"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/76138"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5091"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5091"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/62487"
      },
      {
        "trust": 0.3,
        "url": "http://www.vtiger.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65093"
      },
      {
        "db": "BID",
        "id": "62487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-373"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5091"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-65093"
      },
      {
        "db": "BID",
        "id": "62487"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-373"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5091"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-10-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65093"
      },
      {
        "date": "2013-09-18T00:00:00",
        "db": "BID",
        "id": "62487"
      },
      {
        "date": "2013-10-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      },
      {
        "date": "2013-09-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-373"
      },
      {
        "date": "2013-10-04T20:55:03.857000",
        "db": "NVD",
        "id": "CVE-2013-5091"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65093"
      },
      {
        "date": "2013-09-18T00:00:00",
        "db": "BID",
        "id": "62487"
      },
      {
        "date": "2013-10-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      },
      {
        "date": "2013-10-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201309-373"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2013-5091"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-373"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in CalendarCommon.php in vTiger CRM",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-004517"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201309-373"
      }
    ],
    "trust": 0.6
  }
}

VAR-201111-0152

Vulnerability from variot - Updated: 2025-04-11 19:37

SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. Vtiger CRM is a web-based customer relationship management (CRM) system built on sales force automation (SFA). vtiger CRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. vtiger CRM 5.2.1 is vulnerable; prior versions may also be affected. The system provides functions such as management, collection, and analysis of customer information.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201111-0152",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "2.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "4.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "2.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "3.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "4.0.1"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "3.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "4.2.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.2.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.3"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.4"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.1.0"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.2.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger crm",
        "version": "3.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger crm",
        "version": "4.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger crm",
        "version": "5.0.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.8,
        "vendor": "vtiger crm",
        "version": "5.1.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "1.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "2.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "2.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "2.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "3.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "4.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "4.0.1"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "4.2.4"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "5.0.2"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "5.0.3"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "5.2.0"
      },
      {
        "model": null,
        "scope": "eq",
        "trust": 0.4,
        "vendor": "vtiger crm",
        "version": "*"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "5.2"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5753"
      },
      {
        "db": "BID",
        "id": "49948"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4559"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003104"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aung Khant, YGN Ethical Hacker Group and Myanmar",
    "sources": [
      {
        "db": "BID",
        "id": "49948"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-300"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2011-4559",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2011-4559",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2011-5753",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "7d7d2bf1-463f-11e9-a163-000c29342cb1",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "5e7e5136-2354-11e6-abef-000c29c66e3d",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.9 [IVD]"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-52504",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2011-4559",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2011-4559",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2011-5753",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201111-458",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "7d7d2bf1-463f-11e9-a163-000c29342cb1",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "5e7e5136-2354-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-52504",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5753"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4559"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. Vtiger CRM is a web-based customer relationship management (CRM) system built on sales force automation (SFA). vtiger CRM is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. \nExploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. \nvtiger CRM 5.2.1 is vulnerable; prior versions may also be affected. The system provides functions such as management, collection, and analysis of customer information.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2011-4559"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003104"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5753"
      },
      {
        "db": "BID",
        "id": "49948"
      },
      {
        "db": "IVD",
        "id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52504"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-52504",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52504"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2011-4559",
        "trust": 3.8
      },
      {
        "db": "BID",
        "id": "49948",
        "trust": 3.2
      },
      {
        "db": "OSVDB",
        "id": "76138",
        "trust": 1.7
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-458",
        "trust": 1.1
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5753",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003104",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-300",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "70344",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20111005 VTIGER CRM 5.2.X \u003c= BLIND SQL INJECTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20111005 VTIGER CRM 5.2.X \u003c= BLIND SQL INJECTION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "IVD",
        "id": "7D7D2BF1-463F-11E9-A163-000C29342CB1",
        "trust": 0.2
      },
      {
        "db": "IVD",
        "id": "5E7E5136-2354-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      },
      {
        "db": "EXPLOIT-DB",
        "id": "36208",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-52504",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5753"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52504"
      },
      {
        "db": "BID",
        "id": "49948"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4559"
      }
    ]
  },
  "id": "VAR-201111-0152",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5753"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52504"
      }
    ],
    "trust": 1.6291666400000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5753"
      }
    ]
  },
  "last_update_date": "2025-04-11T19:37:48.477000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.vtigercrm.jp/home"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003104"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-89",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-52504"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003104"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4559"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.9,
        "url": "http://www.securityfocus.com/bid/49948"
      },
      {
        "trust": 2.0,
        "url": "http://yehg.net/lab/pr0js/advisories/%5bvtiger_5.2.1%5d_blind_sqlin"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2011/oct/224"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/76138"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/520006/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/70344"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4559"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4559"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/70344"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/520006/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.vtiger.com/"
      },
      {
        "trust": 0.3,
        "url": "https://secure.wikimedia.org/wikipedia/en/wiki/vtiger_crm"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5753"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52504"
      },
      {
        "db": "BID",
        "id": "49948"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4559"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2011-5753"
      },
      {
        "db": "VULHUB",
        "id": "VHN-52504"
      },
      {
        "db": "BID",
        "id": "49948"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2011-003104"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-458"
      },
      {
        "db": "NVD",
        "id": "CVE-2011-4559"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-30T00:00:00",
        "db": "IVD",
        "id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
      },
      {
        "date": "2011-11-30T00:00:00",
        "db": "IVD",
        "id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2011-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5753"
      },
      {
        "date": "2011-11-28T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52504"
      },
      {
        "date": "2011-10-05T00:00:00",
        "db": "BID",
        "id": "49948"
      },
      {
        "date": "2011-11-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003104"
      },
      {
        "date": "1900-01-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-300"
      },
      {
        "date": "2011-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-458"
      },
      {
        "date": "2011-11-28T21:55:07.997000",
        "db": "NVD",
        "id": "CVE-2011-4559"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2011-11-30T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2011-5753"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-52504"
      },
      {
        "date": "2011-12-05T18:07:00",
        "db": "BID",
        "id": "49948"
      },
      {
        "date": "2011-11-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2011-003104"
      },
      {
        "date": "2011-10-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201110-300"
      },
      {
        "date": "2011-11-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201111-458"
      },
      {
        "date": "2025-04-11T00:51:21.963000",
        "db": "NVD",
        "id": "CVE-2011-4559"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-458"
      }
    ],
    "trust": 1.2
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vTiger CRM Calendar Module SQL Injection Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2011-5753"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-458"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "IVD",
        "id": "7d7d2bf1-463f-11e9-a163-000c29342cb1"
      },
      {
        "db": "IVD",
        "id": "5e7e5136-2354-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201110-300"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201111-458"
      }
    ],
    "trust": 1.6
  }
}

VAR-200707-0378

Vulnerability from variot - Updated: 2025-04-10 23:25

SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. vtiger CRM is prone to an SQL-injection vulnerability.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0378",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.0.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "81654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-100"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3603"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005822"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "81654"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-3603",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2007-3603",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-26965",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-3603",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-3603",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-100",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-26965",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26965"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-100"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3603"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection vulnerability in the dashboard (include/utils/SearchUtils.php) in vtiger CRM before 5.0.3 allows remote authenticated users to execute arbitrary SQL commands via the assigned_user_id parameter in a Potentials ListView action to index.php. vtiger CRM is prone to a sql-injection vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3603"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005822"
      },
      {
        "db": "BID",
        "id": "81654"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26965"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3603",
        "trust": 2.8
      },
      {
        "db": "OSVDB",
        "id": "45782",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005822",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-100",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "81654",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-26965",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26965"
      },
      {
        "db": "BID",
        "id": "81654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-100"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3603"
      }
    ]
  },
  "id": "VAR-200707-0378",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26965"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-10T23:25:44.762000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "3196",
        "trust": 0.8,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3196"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005822"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3603"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://forums.vtiger.com/viewtopic.php?p=44717"
      },
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
      },
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3196"
      },
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10423"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/45782"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3603"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3603"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26965"
      },
      {
        "db": "BID",
        "id": "81654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-100"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3603"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-26965"
      },
      {
        "db": "BID",
        "id": "81654"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005822"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-100"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3603"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26965"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "81654"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005822"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-100"
      },
      {
        "date": "2007-07-06T19:30:00",
        "db": "NVD",
        "id": "CVE-2007-3603"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-11-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26965"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "81654"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005822"
      },
      {
        "date": "2007-07-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-100"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-3603"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-100"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM of  dashboard In  SQL Injection vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005822"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SQL injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-100"
      }
    ],
    "trust": 0.6
  }
}

VAR-200610-0315

Vulnerability from variot - Updated: 2025-04-10 23:25

Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php. The affected input is the calpath parameter of each of these three scripts. vtiger CRM is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. This may allow an attacker to compromise the application and the underlying system; other attacks are also possible. vtiger CRM 4.2 and prior versions are vulnerable; other versions may also be affected.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200610-0315",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "4.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vtiger",
        "version": "4.2.4"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "20435"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003290"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-203"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5289"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003290"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Dedi Dwianto is credited with the discovery of these vulnerabilities.",
    "sources": [
      {
        "db": "BID",
        "id": "20435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-203"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2006-5289",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2006-5289",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-21397",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2006-5289",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2006-5289",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200610-203",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-21397",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21397"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003290"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-203"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5289"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the calpath parameter to (1) modules/Calendar/admin/update.php, (2) modules/Calendar/admin/scheme.php, or (3) modules/Calendar/calendar.php. (1) modules/Calendar/admin/update.php To calpath Parameters (2) modules/Calendar/admin/scheme.php To calpath Parameters (3) modules/Calendar/calendar.php To calpath Parameters. vtiger CRM is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. \nThis may allow an attacker to compromise the application and the underlying system; other attacks are also possible. \nvtiger CRM 4.2 and prior versions are vulnerable; other versions may also be affected",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5289"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003290"
      },
      {
        "db": "BID",
        "id": "20435"
      },
      {
        "db": "VULHUB",
        "id": "VHN-21397"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-21397",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21397"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-5289",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "20435",
        "trust": 2.0
      },
      {
        "db": "SREASON",
        "id": "1722",
        "trust": 1.7
      },
      {
        "db": "EXPLOIT-DB",
        "id": "2508",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003290",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-203",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20061009 [ECHO_ADV_54$2006]VTIGER CRM \u003c=4.2 (CALPATH) MULTIPLE REMOTE FILE INCLUSION VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "MILW0RM",
        "id": "2508",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "29416",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-64076",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-21397",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21397"
      },
      {
        "db": "BID",
        "id": "20435"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003290"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-203"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5289"
      }
    ]
  },
  "id": "VAR-200610-0315",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21397"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-10T23:25:12.950000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "vtiger CRM",
        "trust": 0.8,
        "url": "https://www.vtiger.com/crm/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003290"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-5289"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/20435"
      },
      {
        "trust": 1.7,
        "url": "http://advisories.echo.or.id/adv/adv54-theday-2006.txt"
      },
      {
        "trust": 1.7,
        "url": "http://securityreason.com/securityalert/1722"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/448092/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "https://www.exploit-db.com/exploits/2508"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29416"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5289"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5289"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/29416"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/448092/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.milw0rm.com/exploits/2508"
      },
      {
        "trust": 0.6,
        "url": "http://milw0rm.com/exploits/2508"
      },
      {
        "trust": 0.3,
        "url": "http://www.vtiger.com/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-21397"
      },
      {
        "db": "BID",
        "id": "20435"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003290"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-203"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5289"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-21397"
      },
      {
        "db": "BID",
        "id": "20435"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003290"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-203"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-5289"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-10-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21397"
      },
      {
        "date": "2006-10-10T00:00:00",
        "db": "BID",
        "id": "20435"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003290"
      },
      {
        "date": "2006-10-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200610-203"
      },
      {
        "date": "2006-10-13T20:07:00",
        "db": "NVD",
        "id": "CVE-2006-5289"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-17T00:00:00",
        "db": "VULHUB",
        "id": "VHN-21397"
      },
      {
        "date": "2006-10-12T19:49:00",
        "db": "BID",
        "id": "20435"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003290"
      },
      {
        "date": "2006-10-16T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200610-203"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2006-5289"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-203"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Vtiger CRM PHP remote file inclusion vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003290"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200610-203"
      }
    ],
    "trust": 0.6
  }
}

VAR-200707-0374

Vulnerability from variot - Updated: 2025-04-10 23:25

vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. vtiger CRM is prone to a remote security vulnerability.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0374",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.0.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85628"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-108"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3599"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005818"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "85628"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-3599",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2007-3599",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 8.5,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-26961",
            "impactScore": 9.2,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-3599",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-3599",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-108",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-26961",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26961"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-108"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3599"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM before 5.0.3 allows remote authenticated users to import and export the information for a contact even when they only have the View permission. vtiger CRM is prone to a remote security vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3599"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005818"
      },
      {
        "db": "BID",
        "id": "85628"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26961"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3599",
        "trust": 2.8
      },
      {
        "db": "OSVDB",
        "id": "45781",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005818",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-108",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "85628",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-26961",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26961"
      },
      {
        "db": "BID",
        "id": "85628"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-108"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3599"
      }
    ]
  },
  "id": "VAR-200707-0374",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26961"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-10T23:25:04.454000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2968",
        "trust": 0.8,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2968"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005818"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3599"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
      },
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2968"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/45781"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3599"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3599"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26961"
      },
      {
        "db": "BID",
        "id": "85628"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-108"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3599"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-26961"
      },
      {
        "db": "BID",
        "id": "85628"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005818"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-108"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3599"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26961"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "85628"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005818"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-108"
      },
      {
        "date": "2007-07-06T19:30:00",
        "db": "NVD",
        "id": "CVE-2007-3599"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-11-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26961"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "85628"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005818"
      },
      {
        "date": "2007-07-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-108"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-3599"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-108"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM vulnerability in importing contact information",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005818"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-108"
      }
    ],
    "trust": 0.6
  }
}

VAR-200707-0375

Vulnerability from variot - Updated: 2025-04-10 23:21

WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field-level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module. vtiger CRM is prone to a remote security vulnerability.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0375",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.0.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3600"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005819"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "85632"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-3600",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2007-3600",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "VHN-26962",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-3600",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-3600",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-099",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-26962",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2007-3600",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26962"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-3600"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3600"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 allows remote authenticated users to bypass field level security permissions and merge arbitrary fields in an Email template, as demonstrated by the fields in the Contact module. vtiger CRM is prone to a remote security vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3600"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005819"
      },
      {
        "db": "BID",
        "id": "85632"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26962"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-3600"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3600",
        "trust": 2.9
      },
      {
        "db": "OSVDB",
        "id": "45784",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005819",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-099",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "85632",
        "trust": 0.5
      },
      {
        "db": "VULHUB",
        "id": "VHN-26962",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-3600",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26962"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-3600"
      },
      {
        "db": "BID",
        "id": "85632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3600"
      }
    ]
  },
  "id": "VAR-200707-0375",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26962"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-10T23:21:45.245000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "3790",
        "trust": 0.8,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005819"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3600"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
      },
      {
        "trust": 2.1,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3790"
      },
      {
        "trust": 2.1,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/changeset/10845"
      },
      {
        "trust": 1.8,
        "url": "http://osvdb.org/45784"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3600"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3600"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.securityfocus.com/bid/85632"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26962"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-3600"
      },
      {
        "db": "BID",
        "id": "85632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3600"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-26962"
      },
      {
        "db": "VULMON",
        "id": "CVE-2007-3600"
      },
      {
        "db": "BID",
        "id": "85632"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005819"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3600"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26962"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "VULMON",
        "id": "CVE-2007-3600"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "85632"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005819"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-099"
      },
      {
        "date": "2007-07-06T19:30:00",
        "db": "NVD",
        "id": "CVE-2007-3600"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-11-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26962"
      },
      {
        "date": "2008-11-15T00:00:00",
        "db": "VULMON",
        "id": "CVE-2007-3600"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "85632"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005819"
      },
      {
        "date": "2007-07-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-099"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-3600"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-099"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM wordintegration component vulnerability allowing bypass of field-level security permissions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005819"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-099"
      }
    ],
    "trust": 0.6
  }
}

VAR-200707-0376

Vulnerability from variot - Updated: 2025-04-10 23:21

vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users' calendar activities via a (1) home page or (2) event list view. vtiger CRM is therefore prone to a remote information-disclosure vulnerability exploitable by authenticated users; note that it is reported only for migrated builds, so fresh installations may not be affected.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0376",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.0.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85627"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-103"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3601"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005820"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "85627"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-3601",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2007-3601",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.8,
            "vectorString": "AV:N/AC:H/Au:S/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-26963",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:N/AC:H/AU:S/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-3601",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-3601",
            "trust": 0.8,
            "value": "Low"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-103",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULHUB",
            "id": "VHN-26963",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26963"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-103"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3601"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM before 5.0.3, when a migrated build is used, allows remote authenticated users to read certain other users\u0027 calendar activities via a (1) home page or (2) event list view. vtiger CRM is prone to a remote security vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3601"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005820"
      },
      {
        "db": "BID",
        "id": "85627"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26963"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3601",
        "trust": 2.8
      },
      {
        "db": "OSVDB",
        "id": "45785",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005820",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-103",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "85627",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-26963",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26963"
      },
      {
        "db": "BID",
        "id": "85627"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-103"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3601"
      }
    ]
  },
  "id": "VAR-200707-0376",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26963"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-10T23:21:00.291000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "3990",
        "trust": 0.8,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3990"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005820"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3601"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
      },
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/3990"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/45785"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3601"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3601"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26963"
      },
      {
        "db": "BID",
        "id": "85627"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-103"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3601"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-26963"
      },
      {
        "db": "BID",
        "id": "85627"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005820"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-103"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3601"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26963"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "85627"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005820"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-103"
      },
      {
        "date": "2007-07-06T19:30:00",
        "db": "NVD",
        "id": "CVE-2007-3601"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-11-15T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26963"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "85627"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005820"
      },
      {
        "date": "2007-07-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-103"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-3601"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-103"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM vulnerability allowing authenticated users to read other users\u0027 calendar items",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005820"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-103"
      }
    ],
    "trust": 0.6
  }
}

VAR-200707-0488

Vulnerability from variot - Updated: 2025-04-10 23:19

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. Because a non-administrative authenticated user can alter profile privileges, this is an access-control (privilege-escalation) issue rather than only a denial of service; the recorded CVSS vector below lists partial confidentiality, integrity and availability impact.


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0488",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.0.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85611"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-116"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3616"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003710"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "85611"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-3616",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2007-3616",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-26978",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-3616",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-3616",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-116",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-26978",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26978"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-116"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3616"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "index.php in vtiger CRM before 5.0.3 allows remote authenticated users to perform administrative changes to arbitrary profile settings via a certain profilePrivileges action in the Users module. Because a non-administrative authenticated user can alter profile privileges, this is an access-control (privilege-escalation) issue rather than only a denial of service; the recorded CVSS vector lists partial confidentiality, integrity and availability impact.",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3616"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003710"
      },
      {
        "db": "BID",
        "id": "85611"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26978"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3616",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003710",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-116",
        "trust": 0.7
      },
      {
        "db": "BID",
        "id": "85611",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-26978",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26978"
      },
      {
        "db": "BID",
        "id": "85611"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-116"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3616"
      }
    ]
  },
  "id": "VAR-200707-0488",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26978"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-10T23:19:07.291000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2237",
        "trust": 0.8,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2237"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003710"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3616"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
      },
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2237"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3616"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3616"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26978"
      },
      {
        "db": "BID",
        "id": "85611"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-116"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3616"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-26978"
      },
      {
        "db": "BID",
        "id": "85611"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003710"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-116"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3616"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26978"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "85611"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003710"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-116"
      },
      {
        "date": "2007-07-06T19:30:00",
        "db": "NVD",
        "id": "CVE-2007-3616"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26978"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "85611"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-003710"
      },
      {
        "date": "2007-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-116"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-3616"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-116"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM index.php vulnerability allowing administrative changes to profile settings",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-003710"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-116"
      }
    ],
    "trust": 0.6
  }
}

VAR-200707-0373

Vulnerability from variot - Updated: 2025-04-10 23:18

index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users' names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module. NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a "You are not permitted to execute this Operation" error message in a 5.0.3 demo. vtiger CRM is prone to a denial-of-service vulnerability


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200707-0373",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "crm",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "vtiger",
        "version": "5.0.2"
      },
      {
        "model": "crm",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "vtiger",
        "version": "5.0.3"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "85646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005817"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-098"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3598"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:vtiger:vtiger_crm",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005817"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Unknown",
    "sources": [
      {
        "db": "BID",
        "id": "85646"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-3598",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2007-3598",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "VHN-26960",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2007-3598",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2007-3598",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200707-098",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-26960",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26960"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005817"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-098"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3598"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "index.php in vtiger CRM before 5.0.3 allows remote authenticated users to obtain all users\u0027 names and e-mail addresses, and possibly change user settings, via a modified record parameter in a DetailView action to the Users module.  NOTE: the vendor disputes the changing of settings, reporting that the attack vector results in a \"You are not permitted to execute this Operation\" error message in a 5.0.3 demo. vtiger CRM is prone to a denial-of-service vulnerability",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3598"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005817"
      },
      {
        "db": "BID",
        "id": "85646"
      },
      {
        "db": "VULHUB",
        "id": "VHN-26960"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-3598",
        "trust": 2.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005817",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-098",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "85646",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-26960",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26960"
      },
      {
        "db": "BID",
        "id": "85646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005817"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-098"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3598"
      }
    ]
  },
  "id": "VAR-200707-0373",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26960"
      }
    ],
    "trust": 0.62916664
  },
  "last_update_date": "2025-04-10T23:18:09.086000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "2985",
        "trust": 0.8,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2985"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005817"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-3598"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/report/9"
      },
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2664"
      },
      {
        "trust": 2.0,
        "url": "http://trac.vtiger.com/cgi-bin/trac.cgi/ticket/2985"
      },
      {
        "trust": 2.0,
        "url": "http://forums.vtiger.com/viewtopic.php?p=38609"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3598"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3598"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-26960"
      },
      {
        "db": "BID",
        "id": "85646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005817"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-098"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3598"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-26960"
      },
      {
        "db": "BID",
        "id": "85646"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005817"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-098"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-3598"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-07-06T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26960"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "85646"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005817"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-098"
      },
      {
        "date": "2007-07-06T19:30:00",
        "db": "NVD",
        "id": "CVE-2007-3598"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-26960"
      },
      {
        "date": "2007-07-06T00:00:00",
        "db": "BID",
        "id": "85646"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-005817"
      },
      {
        "date": "2007-07-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200707-098"
      },
      {
        "date": "2025-04-09T00:30:58.490000",
        "db": "NVD",
        "id": "CVE-2007-3598"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-098"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "vtiger CRM index.php vulnerability allowing all user names to be obtained",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-005817"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "unknown",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200707-098"
      }
    ],
    "trust": 0.6
  }
}