CVE-2009-3248

Vtiger Crm - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3248. PoCs published by USH.

AI-analyzed exploit summary This is a detailed technical advisory describing multiple vulnerabilities in Vtiger CRM 5.0.4, including RCE (Windows-specific), CSRF, LFI, and XSS. It provides root cause analysis, exploitation methodologies, and specific code paths but does not include functional exploit code.

Description

Cross-site request forgery (CSRF) vulnerability in the RSS module in vtiger CRM 5.0.4 allows remote attackers to hijack the authentication of Admin users for requests that modify the news feed system via the rssurl parameter in a Save action to index.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by USH · textwebappsphp
https://www.exploit-db.com/exploits/9450

This is a detailed technical advisory describing multiple vulnerabilities in Vtiger CRM 5.0.4, including RCE (Windows-specific), CSRF, LFI, and XSS. It provides root cause analysis, exploitation methodologies, and specific code paths but does not include functional exploit code.

Classification
Writeup 100%
Attack Type
Rce | Lfi | Csrf | Xss
Complexity
Moderate
Reliability
Theoretical
Target: Vtiger CRM 5.0.4
Auth required
Prerequisites: Valid user account for RCE and some LFI exploits · Windows OS for RCE via filename manipulation
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (8)

Core 8
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9450
Exploit mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=125060676515670&w=2
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36062
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/57238
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36309
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2319

Scores

EPSS 0.0126
EPSS Percentile 65.7%

Details

CWE
CWE-352
Status published
Products (1)
vtiger/vtiger_crm 5.0.4
Published Sep 18, 2009
Tracked Since Feb 18, 2026