CVE-2013-3215
CRITICAL
vtiger CRM 5.1.0-5.4.0 - Authentication Bypass via Improper Session Validation
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2013-3215.
PoCs published by EgiX, Egidio Romano, juan vazquez, including Metasploit module exploits/multi/http/vtiger_soap_upload.
AI-analyzed exploit summary: The document describes multiple vulnerabilities in vtiger CRM <= 5.4.0, including local file inclusion (LFI) and SQL injection (SQLi) flaws. It provides detailed technical analysis of the vulnerable code and exploitation conditions.
Description
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
Exploits (2)
The document describes multiple vulnerabilities in vtiger CRM <= 5.4.0, including local file inclusion (LFI) and SQL injection (SQLi) flaws. It provides detailed technical analysis of the vulnerable code and exploitation conditions.
This Metasploit module exploits an authentication bypass and arbitrary file upload vulnerability in vTiger CRM via SOAP services. It uploads a malicious PHP file and executes it to achieve remote code execution.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H