ush.it - a beautiful place

Vtiger CRM 5.2.0 Multiple Vulnerabilities

November 16, 2010 at 10:46 pm - Filed under Hacks - 1279 words, reading time ~4 minutes

Giovanni "evilaliv3" Pellerano and Alessandro "jekil" Tanasi found multiple vulnerabilities in Vtiger CRM 5.2.0, software we have already audited in the past. The high-impact findings (for a web application) are a Remote Command Execution issue, made possible by a bypass of the file upload extension blacklist, and a Local File Inclusion that unauthenticated users can exploit. Two separate Cross Site Scripting issues were also found, the first on the login.
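The Remote Command Execution finding rests on an upload filter that only denies known-bad extensions. The following added example (written for this page, not Vtiger's own code) contrasts such a deny-list check with an allow-list check that normalises the filename first; the accepted extensions and the sample filenames are assumptions constructed for the demonstration.

```php
<?php
// Added example, not Vtiger code. Compares a deny-list extension check with an
// allow-list check. The policy below (accept only a few document/image types)
// is an assumption made for the demonstration.

// Deny-list approach: rejects only the extensions it knows about. Anything not
// on the list, or any name whose last extension is harmless, slips through.
function denylist_allows(string $filename): bool {
    $blocked = ['php', 'phtml', 'php3', 'exe', 'sh'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// Allow-list approach: accepts only known-good extensions, after stripping any
// directory component and requiring exactly one extension on a plain name.
function allowlist_allows(string $filename): bool {
    $allowed = ['pdf', 'png', 'jpg', 'jpeg', 'txt'];
    // Drop any path an attacker-supplied name might carry (either separator).
    $base = basename(str_replace('\\', '/', $filename));
    // One name part, one dot, one extension: no leading/trailing dots, no
    // double extensions, no unexpected characters.
    if (!preg_match('/^[A-Za-z0-9_-]+\.([A-Za-z0-9]+)$/', $base, $m)) {
        return false;
    }
    return in_array(strtolower($m[1]), $allowed, true);
}

// Constructed sample names. The deny-list passes several that the allow-list
// blocks, which is the weakness a blacklist-based upload filter carries.
$samples = [
    'report.pdf',
    'script.php',
    'script.phar',
    'script.php.pdf',
    'script.PhP',
    'script.php.',
    'logo.png',
];
foreach ($samples as $name) {
    printf("%-16s denylist=%-5s allowlist=%s\n", $name,
        denylist_allows($name) ? 'pass' : 'block',
        allowlist_allows($name) ? 'pass' : 'block');
}
```

Note that an extension check is only the first layer: the stored file should also be given a server-generated name, written outside the web root or to a location where the web server will not execute it, and served with a fixed content type rather than trusting the upload's own extension.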
