Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4867

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-4867
Last Modified 07 Sep 2012 12:00:00
Published 06 Sep 2012 01:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-4867

Summary

Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.

Vulnerable Systems

Application

  • Vtiger Crm 5.1.0


References

EXPLOIT-DB - 18635

MISC - http://packetstormsecurity.org/files/111075/Vtiger-5.1.0-Local-File-Inclusion.html


Last Updated: 27 May 2016 11:00:30