6
CVE-2010-3909
- EPSS 2.63%
- Veröffentlicht 26.11.2010 20:00:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginIncomplete blacklist vulnerability in config.template.php in vtiger CRM before 5.2.1 allows remote authenticated users to execute arbitrary code by using the draft save feature in the Compose Mail component to upload a file with a .phtml extension, and then accessing this file via a direct request to the file in the storage/ directory tree.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Vtiger ≫ Vtiger Crm Version <= 5.2.0
Vtiger ≫ Vtiger Crm Version1.0
Vtiger ≫ Vtiger Crm Version2.0
Vtiger ≫ Vtiger Crm Version2.0.1
Vtiger ≫ Vtiger Crm Version2.1
Vtiger ≫ Vtiger Crm Version3
Vtiger ≫ Vtiger Crm Version3.0
Vtiger ≫ Vtiger Crm Version3.0 Updatebeta
Vtiger ≫ Vtiger Crm Version3.2
Vtiger ≫ Vtiger Crm Version4
Vtiger ≫ Vtiger Crm Version4 Updatebeta
Vtiger ≫ Vtiger Crm Version4 Updaterc1
Vtiger ≫ Vtiger Crm Version4.0
Vtiger ≫ Vtiger Crm Version4.0.1
Vtiger ≫ Vtiger Crm Version4.2
Vtiger ≫ Vtiger Crm Version4.2 Editionvalidation
Vtiger ≫ Vtiger Crm Version4.2.4
Vtiger ≫ Vtiger Crm Version5.0.0
Vtiger ≫ Vtiger Crm Version5.0.2
Vtiger ≫ Vtiger Crm Version5.0.3
Vtiger ≫ Vtiger Crm Version5.0.4
Vtiger ≫ Vtiger Crm Version5.0.4 Updaterc
Vtiger ≫ Vtiger Crm Version5.1.0
Vtiger ≫ Vtiger Crm Version5.1.0 Updaterc
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.63% | 0.848 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.