Arbitrary file upload in Vtiger CRM
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2016-1713 |
| CWE-ID | CWE-434 |
| Exploitation vector | Local |
| Public exploit | Public exploit code for vulnerability #1 is available. |
| Vulnerable software |
Vtiger CRM Other software / Other software solutions |
| Vendor | Vtiger |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Arbitrary file upload
EUVDB-ID: #VU39178
Risk: Low
CVSSv4.0: 7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2016-1713
CWE-ID:
CWE-434 - Unrestricted Upload of File with Dangerous Type
Exploit availability: Yes
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyDetailsSave_Action class in modules/Settings/Vtiger/actions/CompanyDetailsSave.php in Vtiger CRM 6.4.0 allows remote authenticated users to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in test/logo/. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6000.
MitigationInstall update from vendor's website.
Vulnerable software versionsVtiger CRM: 6.4.0
CPE2.3 External linkshttps://b.fl7.de/2016/01/vtiger-crm-6.4-auth-rce.html
https://www.openwall.com/lists/oss-security/2016/01/12/4
https://www.openwall.com/lists/oss-security/2016/01/12/7
https://www.exploit-db.com/exploits/44379/
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
