CVE-2013-3212

HIGH

vtiger CRM < 5.4.0 - Local File Inclusion and Remote Code Execution via customerportal.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-3212. PoCs published by EgiX.

AI-analyzed exploit summary: The document describes multiple vulnerabilities in vtiger CRM <= 5.4.0, including local file inclusion (LFI) and SQL injection (SQLi) flaws. It provides detailed technical analysis of the vulnerable code and exploitation conditions.

Description

vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allow remote attackers to view files and execute local script code.

Exploits (1)

exploitdb WRITEUP
by EgiX · text · webapps · php
https://www.exploit-db.com/exploits/27279

Classification: Writeup 100%
Attack Type: SQLi | Info Leak
Complexity: Moderate
Reliability: Theoretical
Target: vtiger CRM <= 5.4.0
No auth needed
Prerequisites: PHP < 5.3.4 for LFI · Valid session or authentication for some SQLi vectors
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/27279
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/61560
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/86162

Scores

CVSS v3: 8.1
EPSS: 0.0754
EPSS Percentile: 93.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-74
Status: published
Products (1): vtiger/vtiger_crm < 5.4.0
Published: Jan 28, 2020
Tracked Since: Feb 18, 2026