Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2005-3820
Last Modified 07 Mar 2011 09:27:13
Published 25 Nov 2005 09:03:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3820

Summary

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, and ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.

Vulnerable Systems

Application

  • vTiger CRM 4.2


References

VUPEN - ADV-2005-2569

BID - 15569

BID - 15562

BUGTRAQ - 20051124 Advisory 23/2005: vTiger multiple vulnerabilities

BUGTRAQ - 20051125 SEC Consult SA-20051125-0 :: More Vulnerabilities in vTiger CRM

MISC - http://www.hardened-php.net/advisory_232005.105.html

SECUNIA - 17693

SECTRACK - 1015274

SECTRACK - 1015271


Last Updated: 27 May 2016 10:41:04