CVE-2010-3909

vtiger CRM < 5.2.1 - Authenticated Remote Code Execution via .phtml File Upload


Description

Incomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.

References (5)

Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/42246
Third Party Advisory (x_refsource_misc): http://wiki.vtiger.com/index.php/Vtiger521:Release_Notes
Third Party Advisory, VDB Entry (mailing-list, x_refsource_bugtraq): http://www.securityfocus.com/archive/1/514846/100/0/threaded

Scores

EPSS 0.0164
EPSS Percentile 73.5%

Details

CWE
CWE-94 (Improper Control of Generation of Code, "Code Injection")
Status published
Products (18)
vtiger/vtiger_crm
vtiger/vtiger_crm 1.0
vtiger/vtiger_crm 2.0
vtiger/vtiger_crm 2.0.1
vtiger/vtiger_crm 2.1
vtiger/vtiger_crm 3
vtiger/vtiger_crm 3.0 (2 CPE variants)
vtiger/vtiger_crm 3.2
vtiger/vtiger_crm 4 (3 CPE variants)
vtiger/vtiger_crm 4.0
... and 8 more
Published Nov 26, 2010
Tracked Since Feb 18, 2026