CVE-2016-1713

HIGH

Vtiger CRM 6.4.0 - RCE

Title source: llm

Description

Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.

Exploits (3)

exploitdb WORKING POC

by Touhid M.Shaikh · rubywebappsphp

https://www.exploit-db.com/exploits/44379

View Code ZIP pw:eip

exploitdb WORKING POC

by Benjamin Daniel Mussler · textwebappsphp

https://www.exploit-db.com/exploits/38345

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Benjamin Daniel Mussler, Touhid M.Shaikh <[email protected]>, SecureLayer7.net · rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/vtiger_logo_upload_exec.rb

View Code ZIP pw:eip

References (4)

[Exploit, Technical Description, Third Party Advisory] http://b.fl7.de/2016/01/vtiger-crm-6.4-auth-rce.html

[Mailing List, Third Party Advisory] http://www.openwall.com/lists/oss-security/2016/01/12/4

[Mailing List] http://www.openwall.com/lists/oss-security/2016/01/12/7

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/44379/

Scores

CVSS v3 7.3

EPSS 0.6194

EPSS Percentile 98.4%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

vtiger/vtiger_crm 6.4.0

Published Apr 14, 2017

Tracked Since Feb 18, 2026