VAR-190001-0047
Vulnerability from variot - Updated: 2022-05-17 01:50Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). Multiple local file inclusion vulnerabilities exist in Vtiger CRM 5.2.1 and earlier. Because the input provided to the user is not properly filtered, an attacker can exploit the vulnerability to obtain potentially sensitive information and execute any local scripts in the web server process, jeopardizing applications and computers, and possibly causing other attacks. This may allow the attacker to compromise the application and the computer; other attacks are also possible. Vtiger CRM 5.2.1 is vulnerable; prior versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-190001-0047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crm",
"scope": "eq",
"trust": 1.3,
"vendor": "vtiger",
"version": "5.2.1"
}
],
"sources": [
{
"db": "IVD",
"id": "7d7dc832-463f-11e9-a2ed-000c29342cb1"
},
{
"db": "IVD",
"id": "2ca8a52c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5802"
},
{
"db": "BID",
"id": "50613"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "High-Tech Bridge SA Security Research Lab",
"sources": [
{
"db": "BID",
"id": "50613"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-260"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2011-5802",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "7d7dc832-463f-11e9-a2ed-000c29342cb1",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "2ca8a52c-1f7f-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2011-5802",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d7dc832-463f-11e9-a2ed-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "2ca8a52c-1f7f-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d7dc832-463f-11e9-a2ed-000c29342cb1"
},
{
"db": "IVD",
"id": "2ca8a52c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5802"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM is a Web-based Sales Capability Automation (SFA)-based Customer Relationship Management System (CRM). Multiple local file inclusion vulnerabilities exist in Vtiger CRM 5.2.1 and earlier. Because the input provided to the user is not properly filtered, an attacker can exploit the vulnerability to obtain potentially sensitive information and execute any local scripts in the web server process, jeopardizing applications and computers, and possibly causing other attacks. This may allow the attacker to compromise the application and the computer; other attacks are also possible. \nVtiger CRM 5.2.1 is vulnerable; prior versions may also be affected",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5802"
},
{
"db": "BID",
"id": "50613"
},
{
"db": "IVD",
"id": "7d7dc832-463f-11e9-a2ed-000c29342cb1"
},
{
"db": "IVD",
"id": "2ca8a52c-1f7f-11e6-abef-000c29c66e3d"
}
],
"trust": 1.17
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "50613",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2011-5802",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201111-260",
"trust": 0.6
},
{
"db": "IVD",
"id": "7D7DC832-463F-11E9-A2ED-000C29342CB1",
"trust": 0.2
},
{
"db": "IVD",
"id": "2CA8A52C-1F7F-11E6-ABEF-000C29C66E3D",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d7dc832-463f-11e9-a2ed-000c29342cb1"
},
{
"db": "IVD",
"id": "2ca8a52c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5802"
},
{
"db": "BID",
"id": "50613"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-260"
}
]
},
"id": "VAR-190001-0047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d7dc832-463f-11e9-a2ed-000c29342cb1"
},
{
"db": "IVD",
"id": "2ca8a52c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5802"
}
],
"trust": 1.18660645
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 1.0
}
],
"sources": [
{
"db": "IVD",
"id": "7d7dc832-463f-11e9-a2ed-000c29342cb1"
},
{
"db": "IVD",
"id": "2ca8a52c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5802"
}
]
},
"last_update_date": "2022-05-17T01:50:42.625000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Vtiger CRM multiple local files contain vulnerable patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/36925"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5802"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50613/info"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/50613"
},
{
"trust": 0.3,
"url": "http://vtiger.com/blogs/?p=894"
},
{
"trust": 0.3,
"url": "https://www.htbridge.ch/advisory/local_file_inclusion_in_vtigercrm.html"
},
{
"trust": 0.3,
"url": "http://www.vtiger.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5802"
},
{
"db": "BID",
"id": "50613"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-260"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d7dc832-463f-11e9-a2ed-000c29342cb1"
},
{
"db": "IVD",
"id": "2ca8a52c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5802"
},
{
"db": "BID",
"id": "50613"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-260"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-15T00:00:00",
"db": "IVD",
"id": "7d7dc832-463f-11e9-a2ed-000c29342cb1"
},
{
"date": "2011-11-15T00:00:00",
"db": "IVD",
"id": "2ca8a52c-1f7f-11e6-abef-000c29c66e3d"
},
{
"date": "2011-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5802"
},
{
"date": "2011-11-09T00:00:00",
"db": "BID",
"id": "50613"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-260"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-11-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5802"
},
{
"date": "2011-11-09T00:00:00",
"db": "BID",
"id": "50613"
},
{
"date": "2011-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-260"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-260"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vtiger CRM Multiple local files contain vulnerabilities",
"sources": [
{
"db": "IVD",
"id": "7d7dc832-463f-11e9-a2ed-000c29342cb1"
},
{
"db": "IVD",
"id": "2ca8a52c-1f7f-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2011-5802"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-260"
}
],
"trust": 1.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "50613"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…