CVE-2012-4867
EXPLOITEDvtiger CRM <5.1.0 - Path Traversal
Title source: llmDescription
Directory traversal vulnerability in modules/com_vtiger_workflow/sortfieldsjson.php in vtiger CRM 5.1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the module_name parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Pi3rrot · textwebappsphp
https://www.exploit-db.com/exploits/18770
Scores
EPSS
0.0847
EPSS Percentile
92.4%
Details
VulnCheck KEV
2022-09-28
CWE
CWE-22
Status
published
Products (1)
vtiger/vtiger_crm
5.1.0
Published
Sep 06, 2012
Tracked Since
Feb 18, 2026