QwikSec

Security Database

CVE

CWE

Training

CVE-2009-3250

Published: Sep 18, 2009

Modified: Aug 7, 2024

PUBLISHED

Description

The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/

x_refsource_MISC

http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt

x_refsource_MISC

exploit

x_refsource_EXPLOIT-DB

20090818 Vtiger CRM 5.0.4 Multiple Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_VUPEN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.