CVE-2009-3250

vtiger CRM 5.0.4 - Authenticated Remote Code Execution via Compose Mail Attachment Filename

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3250. PoCs published by USH.

AI-analyzed exploit summary This is a detailed technical advisory describing multiple vulnerabilities in Vtiger CRM 5.0.4, including RCE (Windows-specific), CSRF, LFI, and XSS. It provides root cause analysis, exploitation methodologies, and specific code paths but does not include functional exploit code.

Description

The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.

Exploits (1)

exploitdb WRITEUP VERIFIED

by USH · textwebappsphp

https://www.exploit-db.com/exploits/9450

View Code ZIP pw:eip

This is a detailed technical advisory describing multiple vulnerabilities in Vtiger CRM 5.0.4, including RCE (Windows-specific), CSRF, LFI, and XSS. It provides root cause analysis, exploitation methodologies, and specific code paths but does not include functional exploit code.

Classification

Writeup 100%

Attack Type

Rce | Lfi | Csrf | Xss

Complexity

Moderate

Reliability

Theoretical

Target: Vtiger CRM 5.0.4

Auth required

Prerequisites: Valid user account for RCE and some LFI exploits · Windows OS for RCE via filename manipulation

MITRE ATT&CK