CVE-2010-3909
vtiger CRM < 5.2.1 - Authenticated Remote Code Execution via .phtml File Upload
Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.
References (5)
http://www.ush.it/team/ush/hack-vtigercrm_520/vtigercrm_520.txt (various sources, misc)
http://vtiger.com/blogs/2010/11/16/vtiger-crm-521-is-released/ (various sources, misc)
http://secunia.com/advisories/42246 (vendor advisory, third-party advisory, Secunia)
http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes (third-party advisory, misc)
http://www.securityfocus.com/archive/1/514846/100/0/threaded (third-party advisory, VDB entry, mailing list, Bugtraq)
Scores
EPSS: 0.0164 (percentile 73.5%)
Details
CWE: CWE-94
Status: published
Products (18)
vtiger/vtiger_crm
vtiger/vtiger_crm 1.0
vtiger/vtiger_crm 2.0
vtiger/vtiger_crm 2.0.1
vtiger/vtiger_crm 2.1
vtiger/vtiger_crm 3
vtiger/vtiger_crm 3.0 (2 CPE variants)
vtiger/vtiger_crm 3.2
vtiger/vtiger_crm 4 (3 CPE variants)
vtiger/vtiger_crm 4.0
... and 8 more
Published: Nov 26, 2010
Tracked Since: Feb 18, 2026