6.4

CVE-2005-3820

Exploit

EPSS 1.16%
Veröffentlicht 26.11.2005 02:03:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Multiple directory traversal vulnerabilities in index.php in vTiger CRM 4.2 and earlier allow remote attackers to read or include arbitrary files, an ultimately execute arbitrary PHP code, via .. (dot dot) and null byte ("%00") sequences in the (1) module parameter and (2) action parameter in the Leads module, as also demonstrated by injecting PHP code into log messages and accessing the log file.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vtiger ≫ Vtiger Crm Version <= 4.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.16%	0.766

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:P/I:P/A:N

http://secunia.com/advisories/17693

Vendor Advisory

http://securitytracker.com/id?1015271

http://www.hardened-php.net/advisory_232005.105.html

Vendor Advisory

http://www.securityfocus.com/archive/1/417730/30/0/threaded

http://www.securityfocus.com/bid/15562

Exploit

http://www.vupen.com/english/advisories/2005/2569

http://marc.info/?l=full-disclosure&m=113290708121951&w=2

http://securitytracker.com/id?1015274

http://www.securityfocus.com/archive/1/417711/30/0/threaded

http://www.securityfocus.com/bid/15569

https://nvd.nist.gov/vuln/detail/CVE-2005-3820

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-3820

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-3820

EUVD